CVE-2021-41556
10.0 CRITICALsqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Ex...
Published: 2022-07-28 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 10.0 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- CWE
- CWE-125
Affected products
| Vendor | Product |
|---|---|
| fedoraproject | fedora, squirrel |
| squirrel-lang | fedora, squirrel |
Description
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-41556
- [Other]http://www.squirrel-lang.org/#download
- [Exploit reference]https://blog.sonarsource.com/squirrel-vm-sandbox-escape/
- [Patch]https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV7SJJ44AGAX4ILIVPREIXPJ2GOG3FKV/
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3FQILX7UUEERSDPMZP3MKGTMY2E7ESU/
- [Other]http://www.squirrel-lang.org/#download
- [Exploit reference]https://blog.sonarsource.com/squirrel-vm-sandbox-escape/
- [Patch]https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV7SJJ44AGAX4ILIVPREIXPJ2GOG3FKV/
- [Other]https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3FQILX7UUEERSDPMZP3MKGTMY2E7ESU/
- [Other]https://www.sonarsource.com/blog/squirrel-vm-sandbox-escape/
Related CVEs
Same vendor
- CVE-2026-9541 — A security flaw has been discovered in Squirrel up to 3.2 (5.3 MEDIUM)
- CVE-2024-28960 — An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto (8.2 HIGH)
- CVE-2023-51767 — OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer ... (7.0 HIGH)
- CVE-2023-43615 — Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow (7.5 HIGH)
- CVE-2023-25136 — OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling (6.5 MEDIUM)
Same CWE
- CVE-2026-54413 — driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle_0x27_SecurityAccess() fu... (8.2 HIGH)
- CVE-2026-54412 — LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqtt_unpack_publish_respons... (8.2 HIGH)
- CVE-2025-9033 — Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Co... (7.8 HIGH)
- CVE-2025-9032 — Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Executio... (7.8 HIGH)
- CVE-2025-7017 — Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Executi... (7.8 HIGH)