Bug 831659 (CVE-2021-46322)

Summary: <dev-lang/duktape-2.7.0: segmentation fault in duk_push_tval
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: minor
CC: maintainer-needed, sam
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/svaarala/duktape/issues/2448
See Also: https://github.com/svaarala/duktape/pull/2451
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-21 02:02:23 UTC
CVE-2021-46322:

Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.

Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-02-19 02:55:46 UTC
Planned for 3.x. I don't know if 2.x is even vulnerable, or if this is just referring to a prerelease.

Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-17 18:04:23 UTC
Looks like a fix was merged upstream for 2.7.0:

https://github.com/svaarala/duktape/commit/a851d8a5687356b1d6ad0f8f39d6226947f17b27