CVE-2021-41556 : sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bound

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.

Published 2022-07-28 21:15:08

Updated 2022-12-09 16:35:44

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-41556

Fedoraproject » Fedora » Version: 35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 36
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Matching versions
Squirrel-lang » Squirrel
Versions up to, including, (<=) 2.2.5
cpe:2.3:a:squirrel-lang:squirrel:*:*:*:*:*:*:*:*
Matching versions
Squirrel-lang » Squirrel
Versions from including (>=) 3.0 and up to, including, (<=) 3.1
cpe:2.3:a:squirrel-lang:squirrel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-41556

EPSS FAQ

0.40%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 60 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-41556

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	3.9	6.0	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-41556

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-41556

http://www.squirrel-lang.org/#download

Squirrel - The Programming Language
Third Party Advisory
https://blog.sonarsource.com/squirrel-vm-sandbox-escape/

Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services
Exploit;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M3FQILX7UUEERSDPMZP3MKGTMY2E7ESU/

[SECURITY] Fedora 36 Update: squirrel-2.2.5-25.fc36 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BV7SJJ44AGAX4ILIVPREIXPJ2GOG3FKV/

[SECURITY] Fedora 35 Update: squirrel-2.2.5-25.fc35 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98

check max member count in class · albertodemichelis/squirrel@23a0620 · GitHub
Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2021-41556

Products affected by CVE-2021-41556

Exploit prediction scoring system (EPSS) score for CVE-2021-41556

CVSS scores for CVE-2021-41556

CWE ids for CVE-2021-41556

References for CVE-2021-41556