Source: coturn
Version: 4.5.1.1-1.1
Severity: important
Tags: security upstream
Control: found -1 4.5.0.5-1+deb9u1
Control: found -1 4.5.0.5-1

Hi,

The following vulnerabilities were published for coturn.

CVE-2020-6061[0]:
| An exploitable heap overflow vulnerability exists in the way CoTURN
| 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST
| request can lead to information leaks and other misbehavior. An
| attacker needs to send an HTTPS request to trigger this vulnerability.

CVE-2020-6062[1]:
| An exploitable denial-of-service vulnerability exists in the way
| CoTURN 4.5.1.1 web server parses POST requests. A specially crafted
| HTTP POST request can lead to server crash and denial of service. An
| attacker needs to send an HTTP request to trigger this vulnerability.

I marked the issue as no-da, because it's an issue in the respective
administration web server (which should not be started by default).

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-6061
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6061
[1] https://security-tracker.debian.org/tracker/CVE-2020-6062
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6062

Regards,
Salvatore

