CVE-2020-12658

gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gssproxy_project:gssproxy:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:15

Type Values Removed Values Added
Summary ** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem." gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem.

08 Feb 2021, 13:46

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

06 Jan 2021, 22:15

Type Values Removed Values Added
Summary gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. ** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem."

05 Jan 2021, 21:15

Type Values Removed Values Added
CPE cpe:2.3:a:gssproxy_project:gssproxy:*:*:*:*:*:*:*:*
CWE CWE-667
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
References (MISC) https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003 - (MISC) https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003 - Patch, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2021/01/msg00004.html - (MLIST) https://lists.debian.org/debian-lts-announce/2021/01/msg00004.html - Mailing List, Third Party Advisory
References (MISC) https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3 - (MISC) https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3 - Third Party Advisory
References (MISC) https://pagure.io/gssproxy/c/cb761412e299ef907f22cd7c4146d50c8a792003?branch=master - (MISC) https://pagure.io/gssproxy/c/cb761412e299ef907f22cd7c4146d50c8a792003?branch=master - Third Party Advisory

04 Jan 2021, 19:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2021/01/msg00004.html -

31 Dec 2020, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2020-12-31 01:15

Updated : 2024-05-17 01:42


NVD link : CVE-2020-12658

Mitre link : CVE-2020-12658

CVE.ORG link : CVE-2020-12658


JSON object : View

Products Affected

debian

  • debian_linux

gssproxy_project

  • gssproxy
CWE
CWE-667

Improper Locking