CVE-2020-4067

Priority
Description
In coturn before version 4.5.1.3, the STUN/TURN response buffer is not
initialized properly, which leaks information between different client
connections. One client (an attacker) could use their connection to
intelligently query coturn and obtain interesting bytes, left over from
another client's connection, in the padding bytes of the response. This
has been fixed in 4.5.1.3.
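The bug class described above, as an added example that is not coturn's code: a response buffer is reused across two clients, and a STUN-style attribute writer that skips the 4-byte alignment padding leaves the previous client's bytes in it. The function names, buffer size and sample values are constructed, and zeroing the padding is shown as one mitigation, not necessarily the upstream patch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64

/* Write one STUN-style attribute (2-byte type, 2-byte length, value) and
 * advance to the next 4-byte boundary. With zero_pad == 0 the padding bytes
 * are skipped, not written, so they keep whatever the buffer held before. */
static size_t put_attr(uint8_t *buf, size_t off, uint16_t type,
                       const uint8_t *val, uint16_t len, int zero_pad)
{
    size_t padded = ((size_t)len + 3u) & ~(size_t)3u;
    if (off + 4 + padded > BUF_SIZE)
        return 0;                              /* does not fit */
    buf[off]     = (uint8_t)(type >> 8);
    buf[off + 1] = (uint8_t)(type & 0xff);
    buf[off + 2] = (uint8_t)(len >> 8);
    buf[off + 3] = (uint8_t)(len & 0xff);
    memcpy(buf + off + 4, val, len);
    if (zero_pad)                              /* hardened: clear the padding */
        memset(buf + off + 4 + len, 0, padded - len);
    return off + 4 + padded;
}

/* One buffer serves client A, then client B, without being cleared.
 * Returns how many padding bytes in B's response still hold A's data. */
int leaked_padding_bytes(int zero_pad, uint16_t b_len /* 1..4 */)
{
    static const uint8_t a_val[] = "alice-session-data";  /* constructed */
    static const uint8_t b_val[] = "bobs";                /* constructed */
    uint8_t buf[BUF_SIZE] = {0};
    int leaked = 0;

    (void)put_attr(buf, 0, 0x0006, a_val, sizeof a_val - 1, zero_pad);
    size_t end_b = put_attr(buf, 0, 0x0006, b_val, b_len, zero_pad);
    for (size_t i = 4 + (size_t)b_len; i < end_b; i++)
        if (buf[i] != 0)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("unpadded writer, 1-byte value: %d stale bytes\n", leaked_padding_bytes(0, 1));
    printf("zeroed padding,  1-byte value: %d stale bytes\n", leaked_padding_bytes(1, 1));
    return 0;
}
```

A value whose length is already a multiple of four has no padding, so only lengths of 1 to 3 modulo 4 expose stale bytes in this sketch.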
Notes
Package
Upstream: released (4.5.1.3-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (4.5.0.3-1ubuntu0.3)
Ubuntu 18.04 LTS (Bionic Beaver): released (4.5.0.7-1ubuntu2.18.04.2)
Ubuntu 20.04 LTS (Focal Fossa): released (4.5.1.1-1.1ubuntu0.20.04.1)
Ubuntu 20.10 (Groovy Gorilla): not-affected (4.5.1.3-1)
More Information

Updated: 2020-07-28 20:08:19 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)