漏洞标题
coturn中的初始化不当
漏洞描述信息
coturn中的初始化不当
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
Improper Initialization in coturn
漏洞描述信息
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
漏洞类别
初始化不恰当
漏洞标题
CoTURN 安全漏洞
漏洞描述信息
CoTURN是一款TURN(VoIP媒体业务NAT穿越服务器和网关)和STUN(用户数据报协议简单穿越网络地址转换器)Server的开源实现。 CoTURN 4.5.1.3之前版本中存在安全漏洞,该漏洞源于程序没有正确初始化STUN/TURN响应缓冲区。攻击者可利用该漏洞获取信息。
CVSS信息
N/A
漏洞类别
其他