CVE-2021-46322

NameCVE-2021-46322
DescriptionDuktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3378-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
duktape (PTS)bullseye2.5.0-2+deb11u1fixed
sid, trixie, bookworm2.7.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
duktapesourcebuster2.3.0-1+deb10u1DLA-3378-1
duktapesourcebullseye2.5.0-2+deb11u1
duktapesource(unstable)2.7.0-1

Notes

https://github.com/svaarala/duktape/issues/2448
https://github.com/svaarala/duktape/pull/2451
https://github.com/svaarala/duktape/commit/fc75060165a011ff5ec43bfebea0c37a3d1baca1
https://github.com/svaarala/duktape/commit/a851d8a5687356b1d6ad0f8f39d6226947f17b27 (v2.7.0)

Search for package or bug name: Reporting problems