CVE-2021-46322

Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c.

The product does not release or incorrectly releases a resource before it is made available for re-use.

Name	Vendor	Start Version	End Version
Duktape	Duktape_project	2.99.99 (including)	2.99.99 (including)
Ceph	Ubuntu	hirsute	*
Ceph	Ubuntu	trusty	*
Ceph	Ubuntu	xenial	*
Duktape	Ubuntu	bionic	*
Duktape	Ubuntu	esm-apps/focal	*
Duktape	Ubuntu	focal	*
Duktape	Ubuntu	hirsute	*
Duktape	Ubuntu	impish	*
Duktape	Ubuntu	trusty	*
Duktape	Ubuntu	upstream	*
Duktape	Ubuntu	xenial	*
Mariadb-10.0	Ubuntu	xenial	*
Mariadb-10.1	Ubuntu	bionic	*
Mariadb-10.3	Ubuntu	focal	*
Mariadb-10.5	Ubuntu	hirsute	*
Mariadb-10.5	Ubuntu	impish	*
Mariadb-5.5	Ubuntu	trusty	*
Mysql-5.5	Ubuntu	esm-infra-legacy/trusty	*
Mysql-5.5	Ubuntu	trusty	*
Mysql-5.5	Ubuntu	trusty/esm	*
Mysql-5.6	Ubuntu	trusty	*
Mysql-5.7	Ubuntu	xenial	*
Mysql-8.0	Ubuntu	hirsute	*
Mysql-8.0	Ubuntu	impish	*
Percona-server-5.6	Ubuntu	xenial	*
Percona-xtradb-cluster-5.5	Ubuntu	trusty	*
Percona-xtradb-cluster-5.6	Ubuntu	xenial	*

Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-46322
CWE	https://cwe.mitre.org/data/definitions/404.html

Improper Resource Shutdown or Release