PT-2020-13190 · Mit+4 · Gssproxy+4

Published

2020-04-20

Updated

2024-08-04

CVE-2020-12658

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions gssproxy versions prior to 0.8.3

Description The issue is related to the gssproxy (aka gss-proxy) not unlocking cond mutex before pthread exit in gp worker main() in gp workers.c. It is noted that the code in question is already on a shutdown path, which may not make a Denial of Service (DoS) a significant concern. However, there is a lack of additional information to indicate why this would be a problem.

Recommendations For versions prior to 0.8.3, update to version 0.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the gp worker main() function in gp workers.c until a patch is available.

Fix

DoS

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALT-PU-2020-1785

ALT-PU-2020-2172

CVE-2020-12658

DLA-2516-1

MGASA-2021-0081

OESA-2021-1037

OPENSUSE-SU-2021:0531-1

OPENSUSE-SU-2021_0531-1

SUSE-SU-2021:1029-1

SUSE-SU-2021:1030-1

SUSE-SU-2021_1029-1

SUSE-SU-2021_1030-1

Affected Products

Alt Linux

Astra Linux

Debian

Suse

Gssproxy

PT-2020-13190 · Mit+4 · Gssproxy+4

CVE-2020-12658

Weakness Enumeration

Related Identifiers

Affected Products

References · 28