rpm package
opensuse/coturn&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/coturn&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27624 | — | | | < 4.9.0-1.1 | 4.9.0-1.1 | Feb 25, 2026 | Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "[::1]" and "[::]", but IPv |
| CVE-2025-69217 | High | 7.7 | | < 4.9.0-1.1 | 4.9.0-1.1 | Dec 30, 2025 | coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random |
| CVE-2020-26262 | — | | | < 4.5.2-2.2 | 4.5.2-2.2 | Jan 13, 2021 | Coturn is a free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the ` |
| CVE-2020-4067 | — | | | < 4.5.2-2.2 | 4.5.2-2.2 | Jun 29, 2020 | In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interes |
| CVE-2020-6061 | — | | | < 4.5.2-2.2 | 4.5.2-2.2 | Feb 19, 2020 | An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerabili |