1852362 – (CVE-2020-4067) CVE-2020-4067 coturn: STUN response buffer not initialized properly

Bug 1852362 (CVE-2020-4067) - CVE-2020-4067 coturn: STUN response buffer not initialized properly

Summary: CVE-2020-4067 coturn: STUN response buffer not initialized properly

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-4067
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-06-30 09:15 UTC by Robert Scheck
Modified:	2020-10-14 19:28 UTC (History)
CC List:	2 users (show)
Fixed In Version:	coturn-4.5.1.3
Clone Of:
Environment:
Last Closed:	2020-06-30 09:20:33 UTC
Embargoed:

Attachments	(Terms of Use)

Description Robert Scheck 2020-06-30 09:15:45 UTC

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.

See also:

 - https://github.com/coturn/coturn/issues/583
 - https://nvd.nist.gov/vuln/detail/CVE-2020-4067

Comment 1 Robert Scheck 2020-06-30 09:20:33 UTC

Addressed on all active branches of Fedora and EPEL via:

 - https://bodhi.fedoraproject.org/updates/FEDORA-2020-21dbf4f78b
 - https://bodhi.fedoraproject.org/updates/FEDORA-2020-d946f64eea
 - https://bodhi.fedoraproject.org/updates/FEDORA-2020-9eadf517de
 - https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-8e909a0e81
 - https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-afd5c42fd6

Note You need to log in before you can comment on or make changes to this bug.