CVE-2021-46322

Note

since 5.5 is no longer upstream supported and so far we cannot
patch it, marking it as ignored.

Author	Note
leosilva	since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored.
mdeslaur	fix is in the src-input/duk_js_call.c file, which is not included in mysql

Package	Release	Status
ceph Launchpad, Ubuntu, Debian	jammy	Not vulnerable (duktape not compiled)
	kinetic	Not vulnerable (duktape not compiled)
	lunar	Not vulnerable (duktape not compiled)
	trusty	Not vulnerable (duktape not compiled)
	upstream	Not vulnerable (duktape not compiled)
	xenial	Not vulnerable (duktape not compiled)
	bionic	Not vulnerable (duktape not compiled)
	focal	Not vulnerable (duktape not compiled)
	impish	Not vulnerable (duktape not compiled)
	hirsute	Ignored (end of life)
	mantic	Not vulnerable (duktape not compiled)
duktape Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needed
	impish	Ignored (end of life)
	jammy	Not vulnerable (2.7.0-1)
	kinetic	Not vulnerable (2.7.0-1)
	lunar	Not vulnerable (2.7.0-2)
	trusty	Ignored (end of standard support)
	upstream	Released (2.7.0)
	xenial	Ignored (end of standard support)
	hirsute	Ignored (end of life)
	mantic	Not vulnerable (2.7.0+tests-0ubuntu2)
	Patches: upstream: https://github.com/svaarala/duktape/pull/2451 upstream: https://github.com/svaarala/duktape/commit/fc75060165a011ff5ec43bfebea0c37a3d1baca1
mariadb-10.0 Launchpad, Ubuntu, Debian	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	xenial	Needs triage
	bionic	Does not exist
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	mantic	Does not exist
mariadb-10.1 Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	mantic	Does not exist
mariadb-10.3 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Needs triage
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	mantic	Does not exist
mariadb-10.5 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
mariadb-5.5 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	mantic	Does not exist
mysql-5.5 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	trusty	Ignored
	upstream	Needs triage
	vivid	Does not exist
	xenial	Does not exist
	mantic	Does not exist
mysql-5.6 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	mantic	Does not exist
mysql-5.7 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable (code not present)
	mantic	Does not exist
mysql-8.0 Launchpad, Ubuntu, Debian	bionic	Does not exist
	hirsute	Ignored (end of life)
	jammy	Not vulnerable (code not present)
	kinetic	Not vulnerable (code not present)
	lunar	Not vulnerable (code not present)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	focal	Not vulnerable (code not present)
	impish	Ignored (end of life)
	mantic	Not vulnerable (code not present)
percona-server-5.6 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Needs triage
	mantic	Does not exist
percona-xtradb-cluster-5.5 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	mantic	Does not exist
percona-xtradb-cluster-5.6 Launchpad, Ubuntu, Debian	bionic	Does not exist
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	lunar	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Needs triage
	mantic	Does not exist

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Security

CVE-2021-46322

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading