First published: Wed Feb 19 2020(Updated: )
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Coturn Project Coturn | =4.5.1.1 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Canonical Ubuntu Linux | =20.04 | |
debian/coturn | 4.5.2-3 4.6.1-1 4.6.1-2 | |
ubuntu/coturn | <4.5.0.7-1ubuntu2.18.04.2 | 4.5.0.7-1ubuntu2.18.04.2 |
ubuntu/coturn | <4.5.1.1-1.1ubuntu0.19.10.1 | 4.5.1.1-1.1ubuntu0.19.10.1 |
ubuntu/coturn | <4.5.1.1-1.1ubuntu0.20.04.1 | 4.5.1.1-1.1ubuntu0.20.04.1 |
ubuntu/coturn | <4.5.0.3-1ubuntu0.3 | 4.5.0.3-1ubuntu0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.