PublicDateAtUSN: 2020-02-19 19:15:00 UTC
Candidate: CVE-2020-6062
PublicDate: 2020-02-19 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6062
 https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
 https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
 https://ubuntu.com/security/notices/USN-4415-1
Description:
 An exploitable denial-of-service vulnerability exists in the way CoTURN
 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST
 request can lead to server crash and denial of service. An attacker needs
 to send an HTTP request to trigger this vulnerability.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_coturn:
upstream_coturn: needs-triage
precise/esm_coturn: DNE
trusty_coturn: ignored (out of standard support)
trusty/esm_coturn: DNE
xenial_coturn: released (4.5.0.3-1ubuntu0.3)
bionic_coturn: released (4.5.0.7-1ubuntu2.18.04.2)
eoan_coturn: released (4.5.1.1-1.1ubuntu0.19.10.1)
focal_coturn: released (4.5.1.1-1.1ubuntu0.20.04.1)
devel_coturn: not-affected (4.5.1.1-1.2)