Vulnerability Details CVE-2020-12658
gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003
- https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3
- https://lists.debian.org/debian-lts-announce/2021/01/msg00004.html
- https://pagure.io/gssproxy/c/cb761412e299ef907f22cd7c4146d50c8a792003?branch=master
- https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003
- https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3
- https://lists.debian.org/debian-lts-announce/2021/01/msg00004.html
- https://pagure.io/gssproxy/c/cb761412e299ef907f22cd7c4146d50c8a792003?branch=master
Products affected by CVE-2020-12658
-
cpe:2.3:a:gssproxy_project:gssproxy:0.0.2
-
cpe:2.3:a:gssproxy_project:gssproxy:0.0.3
-
cpe:2.3:a:gssproxy_project:gssproxy:0.1.0
-
cpe:2.3:a:gssproxy_project:gssproxy:0.1.1
-
cpe:2.3:a:gssproxy_project:gssproxy:0.2.0
-
cpe:2.3:a:gssproxy_project:gssproxy:0.2.1
-
cpe:2.3:a:gssproxy_project:gssproxy:0.2.2
-
cpe:2.3:a:gssproxy_project:gssproxy:0.2.3
-
cpe:2.3:a:gssproxy_project:gssproxy:0.3.0
-
cpe:2.3:a:gssproxy_project:gssproxy:0.3.1
-
cpe:2.3:a:gssproxy_project:gssproxy:0.4.0
-
cpe:2.3:a:gssproxy_project:gssproxy:0.4.1
-
cpe:2.3:a:gssproxy_project:gssproxy:0.5.0
-
cpe:2.3:a:gssproxy_project:gssproxy:0.5.1
-
cpe:2.3:a:gssproxy_project:gssproxy:0.6.0
-
cpe:2.3:a:gssproxy_project:gssproxy:0.6.1
-
cpe:2.3:a:gssproxy_project:gssproxy:0.6.2
-
cpe:2.3:a:gssproxy_project:gssproxy:0.7.0
-
cpe:2.3:a:gssproxy_project:gssproxy:0.8.0
-
cpe:2.3:a:gssproxy_project:gssproxy:0.8.1
-
cpe:2.3:a:gssproxy_project:gssproxy:0.8.2
-
cpe:2.3:o:debian:debian_linux:9.0