Описание
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 4.5.0.7-1ubuntu2.18.04.2 |
| devel | not-affected | 4.5.1.1-1.2 |
| eoan | released | 4.5.1.1-1.1ubuntu0.19.10.1 |
| esm-apps/bionic | released | 4.5.0.7-1ubuntu2.18.04.2 |
| esm-apps/focal | released | 4.5.1.1-1.1ubuntu0.20.04.1 |
| esm-apps/xenial | released | 4.5.0.3-1ubuntu0.3 |
| esm-infra-legacy/trusty | DNE | |
| focal | released | 4.5.1.1-1.1ubuntu0.20.04.1 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
An exploitable heap out-of-bounds read vulnerability exists in the way ...
An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
Уязвимость веб-сервера Coturn, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
7.5 High
CVSS2
9.8 Critical
CVSS3