CVE-2020-4067— Improper Initialization in coturn

CVSS 7.0 · High EPSS 1.10% · P78 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-4067

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Improper Initialization in coturn

Source: NVD (National Vulnerability Database)

Vulnerability Description

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

初始化不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

CoTURN 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

CoTURN是一款TURN（VoIP媒体业务NAT穿越服务器和网关）和STUN（用户数据报协议简单穿越网络地址转换器）Server的开源实现。 CoTURN 4.5.1.3之前版本中存在安全漏洞，该漏洞源于程序没有正确初始化STUN/TURN响应缓冲区。攻击者可利用该漏洞获取信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
coturn	coturn	>= 5.1.1, < 6.0.0	-

II. Public POCs for CVE-2020-4067

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

Qwen3.6-35B-A3B · 7771 chars

Paid plan includes:

In-depth vulnerability mechanism

Trigger conditions & impact

Full executable POC code

Exploit chain & mitigation

POC zip download

100+ AI POC generations per month

Upgrade Pro to unlock ¥99/month Sign up first

III. Intelligence Information for CVE-2020-4067

请登录查看更多情报信息。

https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcmx_refsource_CONFIRM
https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15x_refsource_MISC
https://github.com/coturn/coturn/issues/583x_refsource_MISC
https://usn.ubuntu.com/4415-1/vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.htmlvendor-advisoryx_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/vendor-advisoryx_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2020/07/msg00002.htmlmailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2020-4067

IV. Related Vulnerabilities

Same product: coturn

Same vendor: coturn

Same weakness: CWE-665

V. Comments for CVE-2020-4067

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-4067— Improper Initialization in coturn

I. Basic Information for CVE-2020-4067

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-4067

III. Intelligence Information for CVE-2020-4067

IV. Related Vulnerabilities

V. Comments for CVE-2020-4067

Leave a comment