CVE-2026-43994
- EPSS 0.45%
- Veröffentlicht 18.06.2026 19:44:46
- Zuletzt bearbeitet 26.06.2026 02:30:37
Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm(). A uint16_t nonce_len field read from an attacker-supplied OAuth access token (0-65535) is passe...
CVE-2026-43915
- EPSS 0.14%
- Veröffentlicht 18.06.2026 19:33:42
- Zuletzt bearbeitet 26.06.2026 02:35:52
Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting (XSS) vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USER...
CVE-2026-40613
- EPSS 1.12%
- Veröffentlicht 21.04.2026 18:00:53
- Zuletzt bearbeitet 24.04.2026 13:41:41
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * without alignment checks. When processing a crafted ST...
CVE-2026-27624
- EPSS 0.25%
- Veröffentlicht 25.02.2026 04:04:17
- Zuletzt bearbeitet 27.02.2026 18:04:29
Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0...
CVE-2020-26262
- EPSS 1.28%
- Veröffentlicht 13.01.2021 19:15:16
- Zuletzt bearbeitet 21.11.2024 05:19:41
Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending ...
CVE-2020-4067
- EPSS 1.85%
- Veröffentlicht 29.06.2020 20:15:10
- Zuletzt bearbeitet 21.11.2024 05:32:14
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligent...
CVE-2020-6061
- EPSS 5.12%
- Veröffentlicht 19.02.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:35:00
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS reque...
CVE-2020-6062
- EPSS 6.1%
- Veröffentlicht 19.02.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:35:00
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigge...
CVE-2018-4058
- EPSS 0.94%
- Veröffentlicht 21.03.2019 16:00:54
- Zuletzt bearbeitet 21.11.2024 04:06:39
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide acc...
- EPSS 1.9%
- Veröffentlicht 21.03.2019 16:00:54
- Zuletzt bearbeitet 21.11.2024 04:06:39
An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide admin...