gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem.
References
Link | Resource |
---|---|
https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003 | Patch Third Party Advisory |
https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/01/msg00004.html | Mailing List Third Party Advisory |
https://pagure.io/gssproxy/c/cb761412e299ef907f22cd7c4146d50c8a792003?branch=master | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
Summary | gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem. |
08 Feb 2021, 13:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
06 Jan 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem." |
05 Jan 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gssproxy_project:gssproxy:*:*:*:*:*:*:*:* | |
CWE | CWE-667 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | (MISC) https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003 - Patch, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/01/msg00004.html - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3 - Third Party Advisory | |
References | (MISC) https://pagure.io/gssproxy/c/cb761412e299ef907f22cd7c4146d50c8a792003?branch=master - Third Party Advisory |
04 Jan 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Dec 2020, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2020-12-31 01:15
Updated : 2024-04-11 01:06
NVD link : CVE-2020-12658
Mitre link : CVE-2020-12658
CVE.ORG link : CVE-2020-12658
JSON object : View
Products Affected
debian
- debian_linux
gssproxy_project
- gssproxy
CWE
CWE-667
Improper Locking