In coturn before version 184.108.40.206, the STUN/TURN response buffer is not initialized properly, which leaks information between different client connections. One client (an attacker) could use their connection to intelligently query coturn and obtain, in the padding bytes, interesting bytes from the connection of another client. This has been fixed in 220.127.116.11.
An exploitable denial-of-service vulnerability exists in the way the CoTURN 18.104.22.168 web server parses POST requests. A specially crafted HTTP POST request can lead to a server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.
An exploitable heap overflow vulnerability exists in the way the CoTURN 22.214.171.124 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.