Search criteria
7 vulnerabilities by coturn_project
CVE-2020-26262 (GCVE-0-2020-26262)
Vulnerability from cvelistv5 – Published: 2021-01-13 18:15 – Updated: 2024-08-04 15:56
VLAI?
Summary
Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified.
Severity ?
7.2 (High)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:03.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48"
},
{
"name": "FEDORA-2021-dee141fc61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G54UIUFTEC6RLPOISMB6FUW7456SBZC4/"
},
{
"name": "FEDORA-2021-32d0068851",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4CJOPAQT43MYAFU3UROGLEXN3Z6RS4H/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "coturn",
"vendor": "coturn",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T02:06:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48"
},
{
"name": "FEDORA-2021-dee141fc61",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G54UIUFTEC6RLPOISMB6FUW7456SBZC4/"
},
{
"name": "FEDORA-2021-32d0068851",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4CJOPAQT43MYAFU3UROGLEXN3Z6RS4H/"
}
],
"source": {
"advisory": "GHSA-6g6j-r9rf-cm7p",
"discovery": "UNKNOWN"
},
"title": "Loopback bypass in Coturn",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26262",
"STATE": "PUBLIC",
"TITLE": "Loopback bypass in Coturn"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "coturn",
"version": {
"version_data": [
{
"version_value": "\u003c 4.5.2"
}
]
}
}
]
},
"vendor_name": "coturn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-682 Incorrect Calculation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p",
"refsource": "CONFIRM",
"url": "https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p"
},
{
"name": "https://github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d",
"refsource": "MISC",
"url": "https://github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d"
},
{
"name": "https://github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48",
"refsource": "MISC",
"url": "https://github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48"
},
{
"name": "FEDORA-2021-dee141fc61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G54UIUFTEC6RLPOISMB6FUW7456SBZC4/"
},
{
"name": "FEDORA-2021-32d0068851",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4CJOPAQT43MYAFU3UROGLEXN3Z6RS4H/"
}
]
},
"source": {
"advisory": "GHSA-6g6j-r9rf-cm7p",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26262",
"datePublished": "2021-01-13T18:15:17",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:03.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4067 (GCVE-0-2020-4067)
Vulnerability from cvelistv5 – Published: 2020-06-29 19:55 – Updated: 2024-08-04 07:52
VLAI?
Summary
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.
Severity ?
CWE
- CWE-665 - Improper Initialization
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coturn/coturn/issues/583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15"
},
{
"name": "DSA-4711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4711"
},
{
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2271-1] coturn security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html"
},
{
"name": "openSUSE-SU-2020:0937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html"
},
{
"name": "USN-4415-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4415-1/"
},
{
"name": "FEDORA-2020-9eadf517de",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/"
},
{
"name": "FEDORA-2020-d946f64eea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "coturn",
"vendor": "coturn",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.1.1, \u003c 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665: Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-09T02:06:26",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coturn/coturn/issues/583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15"
},
{
"name": "DSA-4711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4711"
},
{
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2271-1] coturn security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html"
},
{
"name": "openSUSE-SU-2020:0937",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html"
},
{
"name": "USN-4415-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4415-1/"
},
{
"name": "FEDORA-2020-9eadf517de",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/"
},
{
"name": "FEDORA-2020-d946f64eea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/"
}
],
"source": {
"advisory": "GHSA-c8r8-8vp5-6gcm",
"discovery": "UNKNOWN"
},
"title": "Improper Initialization in coturn",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-4067",
"STATE": "PUBLIC",
"TITLE": "Improper Initialization in coturn"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "coturn",
"version": {
"version_data": [
{
"version_value": "\u003e= 5.1.1, \u003c 6.0.0"
}
]
}
}
]
},
"vendor_name": "coturn"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665: Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm",
"refsource": "CONFIRM",
"url": "https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm"
},
{
"name": "https://github.com/coturn/coturn/issues/583",
"refsource": "MISC",
"url": "https://github.com/coturn/coturn/issues/583"
},
{
"name": "https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15",
"refsource": "MISC",
"url": "https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15"
},
{
"name": "DSA-4711",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4711"
},
{
"name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2271-1] coturn security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html"
},
{
"name": "openSUSE-SU-2020:0937",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html"
},
{
"name": "USN-4415-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4415-1/"
},
{
"name": "FEDORA-2020-9eadf517de",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/"
},
{
"name": "FEDORA-2020-d946f64eea",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/"
}
]
},
"source": {
"advisory": "GHSA-c8r8-8vp5-6gcm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-4067",
"datePublished": "2020-06-29T19:55:13",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6061 (GCVE-0-2020-6061)
Vulnerability from cvelistv5 – Published: 2020-02-19 18:27 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
Severity ?
CWE
- heap overflow
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:41.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-f3fcb1608a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/"
},
{
"name": "FEDORA-2020-305c173af8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/"
},
{
"name": "FEDORA-2020-6efa0fc869",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/"
},
{
"name": "DSA-4711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4711"
},
{
"name": "USN-4415-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4415-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CoTURN",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "CoTURN 4.5.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "heap overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:16",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "FEDORA-2020-f3fcb1608a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/"
},
{
"name": "FEDORA-2020-305c173af8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/"
},
{
"name": "FEDORA-2020-6efa0fc869",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/"
},
{
"name": "DSA-4711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4711"
},
{
"name": "USN-4415-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4415-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CoTURN",
"version": {
"version_data": [
{
"version_value": "CoTURN 4.5.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-f3fcb1608a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/"
},
{
"name": "FEDORA-2020-305c173af8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/"
},
{
"name": "FEDORA-2020-6efa0fc869",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/"
},
{
"name": "DSA-4711",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4711"
},
{
"name": "USN-4415-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4415-1/"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6061",
"datePublished": "2020-02-19T18:27:20",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-04T08:47:41.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6062 (GCVE-0-2020-6062)
Vulnerability from cvelistv5 – Published: 2020-02-19 18:25 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.
Severity ?
5.9 (Medium)
CWE
- denial of service
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-f3fcb1608a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/"
},
{
"name": "FEDORA-2020-305c173af8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/"
},
{
"name": "FEDORA-2020-6efa0fc869",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/"
},
{
"name": "DSA-4711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4711"
},
{
"name": "USN-4415-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4415-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CoTURN",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "CoTURN 4.5.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:17",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "FEDORA-2020-f3fcb1608a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/"
},
{
"name": "FEDORA-2020-305c173af8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/"
},
{
"name": "FEDORA-2020-6efa0fc869",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/"
},
{
"name": "DSA-4711",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4711"
},
{
"name": "USN-4415-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4415-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CoTURN",
"version": {
"version_data": [
{
"version_value": "CoTURN 4.5.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.9,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2020-f3fcb1608a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/"
},
{
"name": "FEDORA-2020-305c173af8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/"
},
{
"name": "FEDORA-2020-6efa0fc869",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/"
},
{
"name": "DSA-4711",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4711"
},
{
"name": "USN-4415-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4415-1/"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6062",
"datePublished": "2020-02-19T18:25:22",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-04T08:47:40.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4059 (GCVE-0-2018-4059)
Vulnerability from cvelistv5 – Published: 2019-03-21 14:30 – Updated: 2024-08-05 05:04
VLAI?
Summary
An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server.
Severity ?
6.5 (Medium)
CWE
- Other
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:04:29.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "coTURN",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "coTURN 4.5.0.5"
}
]
}
],
"datePublic": "2019-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:09:09",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-4059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "coTURN",
"version": {
"version_data": [
{
"version_value": "coTURN 4.5.0.5"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.5,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0733",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-4059",
"datePublished": "2019-03-21T14:30:59",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:04:29.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4058 (GCVE-0-2018-4058)
Vulnerability from cvelistv5 – Published: 2019-03-21 14:15 – Updated: 2024-08-05 05:04
VLAI?
Summary
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.
Severity ?
7.7 (High)
CWE
- Privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:04:28.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "coTURN",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "coTURN 4.5.0.5"
}
]
}
],
"datePublic": "2019-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:09:08",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-4058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "coTURN",
"version": {
"version_data": [
{
"version_value": "coTURN 4.5.0.5"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.7,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-4058",
"datePublished": "2019-03-21T14:15:36",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:04:28.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4056 (GCVE-0-2018-4056)
Vulnerability from cvelistv5 – Published: 2019-02-05 18:00 – Updated: 2024-09-17 00:05
VLAI?
Summary
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.
Severity ?
9.1 (Critical)
CWE
- Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:04:28.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1671-1] coturn security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00017.html"
},
{
"name": "DSA-4373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4373"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0730"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "coTURN",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "coTURN 4.5.0.5"
}
]
}
],
"datePublic": "2018-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:09:07",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1671-1] coturn security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00017.html"
},
{
"name": "DSA-4373",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4373"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0730"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-01-29T00:00:00",
"ID": "CVE-2018-4056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "coTURN",
"version": {
"version_data": [
{
"version_value": "coTURN 4.5.0.5"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.1,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an SQL Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1671-1] coturn security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00017.html"
},
{
"name": "DSA-4373",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4373"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0730",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0730"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-4056",
"datePublished": "2019-02-05T18:00:00Z",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-09-17T00:05:30.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}