CNNVD-202512-5486 Information
CNNVD ID
CNNVD-202512-5486
Related CVE
- CNNVD Published: 2025-12-30
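Description (translated from Chinese)
Coturn is an open-source implementation of a TURN (NAT traversal server and gateway for VoIP media traffic) and STUN (Simple Traversal of User Datagram Protocol through Network Address Translators) server, maintained by the Coturn project. Coturn versions 4.6.2r5 through 4.7.0-r4 contain a security-feature vulnerability that stems from an insecure random number generator and may lead to authentication bypass and port prediction.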
Description (English)
Coturn is the Coturn project's open-source TURN (NAT traversal server and gateway for VoIP media traffic) and STUN (Simple Traversal of User Datagram Protocol through Network Address Translators) server. Versions 4.6.2r5 through 4.7.0-r4 of Coturn have a security-feature vulnerability caused by an insecure random number generator, which may allow authentication bypass and port prediction.
Hazard Level
Medium
Vulnerability Type
Security features issue
Affected Vendor
Coturn
Published
2025-12-30
Last Modified
2026-02-24
References
https://github.com/coturn/coturn/commit/11fc465f4bba70bb0ad8aae17d6c4a63a29917d9
https://github.com/coturn/coturn/commit/88ced471385869d7e7fbbc4766e78ef521b36af6
https://github.com/coturn/coturn/security/advisories/GHSA-fvj6-9jhg-9j84
Patch
https://github.com/coturn/coturn/releases