Bug 1918258 (CVE-2020-12658) - CVE-2020-12658 gssproxy: not unlocking cond_mutex before pthread exit in gp_worker_main() in gp_workers.c
Summary: CVE-2020-12658 gssproxy: not unlocking cond_mutex before pthread exit in gp_w...
Alias: CVE-2020-12658
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1918259 1918315 1918316
Blocks: 1918260
TreeView+ depends on / blocked
Reported: 2021-01-20 10:51 UTC by Marian Rehak
Modified: 2021-05-24 07:05 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2021-05-24 07:05:06 UTC

Attachments (Terms of Use)

Description Marian Rehak 2021-01-20 10:51:40 UTC
gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c.



Comment 1 Marian Rehak 2021-01-20 10:52:05 UTC
Created gssproxy tracking bugs for this issue:

Affects: fedora-all [bug 1918259]

Comment 3 Robbie Harwood 2021-01-20 15:12:00 UTC
Hi, we (gssproxy upstream) do not believe this is a CVE and MITRE has marked it as disputed, per our request: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12658

Please do not create trackers that we have to close.

Comment 7 lnacshon 2021-01-25 08:48:44 UTC
hey @tcullum I agree with the discussion @rharwood, this was my understanding as well

Comment 10 Todd Cullum 2021-01-25 19:41:43 UTC

Red Hat Product Security does not view this as a security vulnerability because no service will be denied since the bug is triggered on an exit path of the program, which means that the program would already be stopping service and thus a malicious attacker would gain no impact to availability by triggering the bug.

Note You need to log in before you can comment on or make changes to this bug.