gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c.
Created gssproxy tracking bugs for this issue:
Affects: fedora-all [bug 1918259]
Hi, we (gssproxy upstream) do not believe this is a CVE and MITRE has marked it as disputed, per our request: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12658
Please do not create trackers that we have to close.
hey @tcullum I agree with the discussion @rharwood, this was my understanding as well
Red Hat Product Security does not view this as a security vulnerability because no service will be denied since the bug is triggered on an exit path of the program, which means that the program would already be stopping service and thus a malicious attacker would gain no impact to availability by triggering the bug.