VYPR

rpm package

opensuse/coturn&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/coturn&distro=openSUSE%20Tumbleweed

Vulnerabilities (5)

  • CVE-2026-27624Feb 25, 2026
    affected < 4.9.0-1.1fixed 4.9.0-1.1

    Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "[::1]" and "[::]", but IPv

  • CVE-2025-69217HigDec 30, 2025
    affected < 4.9.0-1.1fixed 4.9.0-1.1

    coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random

  • CVE-2020-26262Jan 13, 2021
    affected < 4.5.2-2.2fixed 4.5.2-2.2

    Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `

  • CVE-2020-4067Jun 29, 2020
    affected < 4.5.2-2.2fixed 4.5.2-2.2

    In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interes

  • CVE-2020-6061Feb 19, 2020
    affected < 4.5.2-2.2fixed 4.5.2-2.2

    An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerabili