VDB
GCVE-110-MAGEIA-2023-150
GCVE-110-MAGEIA-2023-150
Advisory Published
sqclass.cpp in Squirrel 3.1 allows an out-of-bounds read (in the core
interpreter) that can lead to Code Execution. If a victim executes an
attacker-controlled squirrel script, it is possible for the attacker to
break out of the squirrel script sandbox even if all dangerous
functionality such as File System functions has been disabled. An
attacker might abuse this bug to target (for example) Cloud services
that allow customization via SquirrelScripts, or distribute malware
through video games that embed a Squirrel Engine. (CVE-2021-41556)
supertux has been rebuilt as it uses a bundled copy of squirrel.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | squirrel | 0 (affected), 3.2-1.mga8 (unaffected), 0 (affected), 3.2-1.mga8 (unaffected) | — |
| Mageia | supertux | 0 (affected), 0 (affected), 0.6.2-4.2.mga8 (unaffected), 0.6.2-4.2.mga8 (unaffected) | — |
| Mageia | lyx | 2.3.7-1.1.mga9 (unaffected), 0 (affected) | — |
Aliases
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.