{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states \"We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T21:55:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://pagure.io/gssproxy/c/cb761412e299ef907f22cd7c4146d50c8a792003?branch=master"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003"}, {"name": "[debian-lts-announce] 20210104 [SECURITY] [DLA 2516-1] gssproxy security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00004.html"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12658", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states \"We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://pagure.io/gssproxy/c/cb761412e299ef907f22cd7c4146d50c8a792003?branch=master", "refsource": "MISC", "url": "https://pagure.io/gssproxy/c/cb761412e299ef907f22cd7c4146d50c8a792003?branch=master"}, {"name": "https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3", "refsource": "MISC", "url": "https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3"}, {"name": "https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003", "refsource": "MISC", "url": "https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003"}, {"name": "[debian-lts-announce] 20210104 [SECURITY] [DLA 2516-1] gssproxy security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00004.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:04:22.658Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://pagure.io/gssproxy/c/cb761412e299ef907f22cd7c4146d50c8a792003?branch=master"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003"}, {"name": "[debian-lts-announce] 20210104 [SECURITY] [DLA 2516-1] gssproxy security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00004.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12658", "datePublished": "2020-12-31T00:17:50", "dateReserved": "2020-05-05T00:00:00", "dateUpdated": "2024-08-04T12:04:22.658Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gssproxy_project:gssproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "49B6C938-D1D0-4618-B7DD-BFF581135BE5", "versionEndExcluding": "0.8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states \"We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem."}, {"lang": "es", "value": "** EN DISPUTA ** gssproxy (tambi\u00e9n se conoce como gss-proxy) versiones anteriores a 0.8.3 no desbloquea cond_mutex antes de la salida de pthread en la funci\u00f3n gp_worker_main() en el archivo gp_workers.c. NOTA: Un comentario de la corriente ascendente dice: \"Ya estamos en una ruta de apagado al ejecutar el c\u00f3digo en cuesti\u00f3n, por lo que un DoS all\u00ed no tiene ning\u00fan sentido, y no se nos ha proporcionado informaci\u00f3n adicional (como corriente ascendente) para indicar por qu\u00e9 esto ser\u00eda un problema\"."}], "id": "CVE-2020-12658", "lastModified": "2024-08-04T12:15:51.017", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-31T01:15:12.553", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/gssapi/gssproxy/compare/v0.8.2...v0.8.3"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://pagure.io/gssproxy/c/cb761412e299ef907f22cd7c4146d50c8a792003?branch=master"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "gssproxy: not unlocking cond_mutex before pthread exit in gp_worker_main() in gp_workers.c", "id": "1918258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918258"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "status": "draft"}, "cwe": "CWE-667", "details": ["gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states \"We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem."], "name": "CVE-2020-12658", "public_date": "2020-12-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12658\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12658\nhttps://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003#commitcomment-45670376"], "statement": "Red Hat Product Security does not view this as a security vulnerability because no service will be denied since the bug is triggered on an exit path of the program, which means that the program would already be stopping service and thus a malicious attacker would gain no impact to availability by triggering the bug."}