An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
CVE-2020-6062: An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6062
https://nvd.nist.gov/vuln/detail/CVE-2020-6062
@maintainer(s), please create an appropriate ebuild
It looked like the net-im/coturn maintainer might not be cc'ed on this 3+ month old security bug; added them.
I bumped 4.5.1.2 now and removed the older version. Sorry for the delay!
(In reply to Andreas Schürch from comment #4)
> I bumped 4.5.1.2 now and removed the older version.
> Sorry for the delay!

No worries. Thank you! Unstable so no GLSA, all done here. Closing.