Out-of-Bounds Read in Squirrel Interpreter by Squirrel
CVE-2021-41556

10CRITICAL

Key Information:

Vendor

Squirrel-lang

Status
Squirrel
Vendor
CVE Published:
28 July 2022

What is CVE-2021-41556?

The vulnerability identified in the Squirrel interpreter allows for out-of-bounds reads, potentially leading to code execution. If an attacker manages to lure a victim into executing a modified Squirrel script, they can break out of the script's sandbox environment, even with all high-risk functionalities disabled. This vulnerability poses a risk to cloud services utilizing Squirrel scripts for customization, and it can also be exploited in video games implementing the Squirrel engine, enabling malware distribution.

References

https://github.com/albertodemichelis/squirrel/commit/23a0...
x_refsource_MISC
http://www.squirrel-lang.org/#download
x_refsource_MISC
https://blog.sonarsource.com/squirrel-vm-sandbox-escape/
x_refsource_MISC

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.