Bug 831659 (CVE-2021-46322) - <dev-lang/duktape-2.7.0: segmentation fault in duk_push_tval
Summary: <dev-lang/duktape-2.7.0: segmentation fault in duk_push_tval
Status: IN_PROGRESS
Alias: CVE-2021-46322
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/svaarala/duktape/i...
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-01-21 02:02 UTC by John Helmert III
Modified: 2022-08-17 18:04 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-21 02:02:23 UTC
CVE-2021-46322:

Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-02-19 02:55:46 UTC
Planned for 3.x. I don't know if 2.x is even vulnerable, or if this is just referring to a prerelease.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-17 18:04:23 UTC
Looks like a fix was merged upstream for 2.7.0:

https://github.com/svaarala/duktape/commit/a851d8a5687356b1d6ad0f8f39d6226947f17b27