Vulnerability Description
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Coturn Project | Coturn | 4.5.1.1 |
| Debian | Debian Linux | 9.0 |
| Fedoraproject | Fedora | 30 |
| Canonical | Ubuntu Linux | 16.04 |
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985ExploitThird Party Advisory
- https://usn.ubuntu.com/4415-1/Third Party Advisory
- https://www.debian.org/security/2020/dsa-4711Third Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985ExploitThird Party Advisory
- https://usn.ubuntu.com/4415-1/Third Party Advisory
- https://www.debian.org/security/2020/dsa-4711Third Party Advisory
FAQ
What is CVE-2020-6062?
CVE-2020-6062 is a vulnerability with a CVSS score of 7.5 (HIGH). An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. A...
How severe is CVE-2020-6062?
CVE-2020-6062 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6062?
Check the references section above for vendor advisories and patch information. Affected products include: Coturn Project Coturn, Debian Debian Linux, Fedoraproject Fedora, Canonical Ubuntu Linux.