CVE-2021-41556

CVE-2021-41556 PUBLISHED CVSS 10 CRITICAL

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to code execution. If a victim executes an attacker-controlled Squirrel script, it is possible for the attacker to break out of the Squirrel script sandbox even if all dangerous functionality, such as file-system functions, has been disabled. An attacker might abuse this bug to target (for example) cloud services that allow customization via Squirrel scripts, or to distribute malware through video games that embed the Squirrel engine.

EPSS 2.70% · 86.2th percentile

Risk Scores

CVSS 3.1:    10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score:  2.70% (86.2th percentile)

Affected Products

Vendor          Product    Versions
n/a             n/a        n/a
squirrel-lang   squirrel   0, 3.0
fedoraproject   fedora     36, 35

Timeline

  • Jul 28, 2022 CVE Published
  • Jul 29, 2022 EPSS Score
  • Aug 6, 2022 EPSS Score
  • Aug 6, 2022 CVE Updated
  • Sep 14, 2022 EPSS Score
  • Dec 16, 2022 EPSS Score
  • Jan 31, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 19, 2023 EPSS Score
  • Jun 20, 2023 EPSS Score
  • Aug 6, 2023 EPSS Score
  • Sep 21, 2023 EPSS Score