A vulnerability has been found in gssproxy up to 0.8.2 (Firewall Software) and classified as problematic. Affected by this vulnerability is the function gp_worker_main of the file gp_workers.c. The manipulation of the argument cond_mutex with an unknown input leads to a unknown weakness. The CWE definition for the vulnerability is CWE-667. The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. The impact remains unknown. The summary by CVE is:

gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem.

The weakness was published 12/31/2020. It is possible to read the advisory at pagure.io. This vulnerability is known as CVE-2020-12658. Technical details of the vulnerability are known, but there is no available exploit.

The real existence of this vulnerability is still doubted at the moment.

Upgrading to version 0.8.3 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying a patch is able to eliminate this problem. The bugfix is ready for download at pagure.io. The best possible mitigation is suggested to be upgrading to the latest version.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Firewall Software

Name

• gssproxy

Version

• 0.8.0
• 0.8.1
• 0.8.2

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion