CVE-2020-6061
Published: 19 February 2020
An exploitable heap overflow vulnerability exists in the way the CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
coturn (Launchpad, Ubuntu, Debian) | Upstream | Needs triage |
coturn | Ubuntu 20.10 (Groovy Gorilla) | Not vulnerable (4.5.1.1-1.2) |
coturn | Ubuntu 20.04 LTS (Focal Fossa) | Released (4.5.1.1-1.1ubuntu0.20.04.1) |
coturn | Ubuntu 18.04 LTS (Bionic Beaver) | Released (4.5.0.7-1ubuntu2.18.04.2) |
coturn | Ubuntu 16.04 LTS (Xenial Xerus) | Released (4.5.0.3-1ubuntu0.3) |
coturn | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |