9 matches found
openSUSE: Security Advisory for squirrel (openSUSE-SU-2023:0080-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2023-0150 Updated squirrel/supertux packages fix security vulnerability
sqclass.cpp in Squirrel 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as Fi...
Mageia: Security Advisory (MGASA-2023-0150)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : squirrel (openSUSE-SU-2023:0080-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2023:0080-1 advisory. - sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a...
Security update for squirrel (moderate)
openSUSE Security Update: Security update for squirrel Announcement ID: openSUSE-SU-2023:0080-1 Rating: moderate References: 1201974 Cross-References: CVE-2021-41556 CVSS scores: CVE-2021-41556 NVD : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP4 ...
CVE-2021-41556
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all...
CVE-2021-41556
CVE-2021-41556 affects the Squirrel engine (sqclass.cpp in the core interpreter) up to Squirrel 2.2.5 and 3.x up to 3.1. The vulnerability is an out-of-bounds read in the interpreter that can lead to code execution when a victim runs attacker-controlled Squirrel scripts, potentially breaking out ...
Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services
An out-of-bounds read vulnerability in the Squirrel programming language lets attackers break out of sandbox restrictions and execute arbitrary code within a Squirrel virtual machine VM, thus giving a malicious actor complete access to the underlying machine. Given where Squirrel lives – in games...
Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services
SquirrelLang is an interpreted, open-source programming language that is used by video games and cloud services for customization and plugin development. For example, the extremely popular game Counter-Strike: Global Offensive CS:GO attracts millions of players on a monthly basis and utilizes the...