VDB
CVE-2020-6061
CVE-2020-6061
PUBLISHED
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
EPSS 1.77% · 83.0th percentile
Risk Scores
EPSS Score
1.77%
83.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | coturn | 4.5.0.7-1ubuntu1, 4.5.0.7-1ubuntu2, 4.5.0.7-1ubuntu2.18.04.1 |
| Ubuntu:20.04:LTS | coturn | 0, 4.5.1.1-1.1build1, 4.5.1.1-1.1build2 |
| Ubuntu:16.04:LTS | coturn | 0, 4.4.5.4-2, 4.5.0.2-3 |
Exploit Intelligence
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984 (nist-nvd)
- Outdated Coturn is vulnerable to known vulnerabilities (High) (hackerone)
- Outdated Coturn is vulnerable to known vulnerabilities (High) (hackerone)
- Outdated Coturn is vulnerable to known vulnerabilities (High) (hackerone)
- FEDORA-2020-f3fcb1608a (circl)
- FEDORA-2020-305c173af8 (circl)
- FEDORA-2020-6efa0fc869 (circl)
- DSA-4711 (circl)
- USN-4415-1 (circl)
Timeline
- CVE Published
- Apr 13, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-6061 third-party-advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984 third-party-advisory
- https://github.com/coturn/coturn/commit/51a7c2b9bf924890c7a3ff4db9c4976c5a93340a third-party-advisory
- https://ubuntu.com/security/notices/USN-4415-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-6061 third-party-advisory