9 matches found
openSUSE: Security Advisory for squirrel (openSUSE-SU-2023:0080-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2023-0150 Updated squirrel/supertux packages fix security vulnerability
sqclass.cpp in Squirrel 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as Fi...
Mageia: Security Advisory (MGASA-2023-0150)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : squirrel (openSUSE-SU-2023:0080-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2023:0080-1 advisory. - sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a...
Security update for squirrel (moderate)
openSUSE Security Update: Security update for squirrel Announcement ID: openSUSE-SU-2023:0080-1 Rating: moderate References: 1201974 Cross-References: CVE-2021-41556 CVSS scores: CVE-2021-41556 NVD : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP4 ...
CVE-2021-41556
CVE-2021-41556 affects the Squirrel engine (sqclass.cpp in the core interpreter) up to Squirrel 2.2.5 and 3.x up to 3.1. The vulnerability is an out-of-bounds read in the interpreter that can lead to code execution when a victim runs attacker-controlled Squirrel scripts, potentially breaking out ...
CVE-2021-41556
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read in the core interpreter that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all...
Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services
An out-of-bounds read vulnerability in the Squirrel programming language lets attackers break out of sandbox restrictions and execute arbitrary code within a Squirrel virtual machine VM, thus giving a malicious actor complete access to the underlying machine. Given where Squirrel lives – in games...
Squirrel Sandbox Escape allows Code Execution in Games and Cloud Services
SquirrelLang is an interpreted, open-source programming language that is used by video games and cloud services for customization and plugin development. For example, the extremely popular game Counter-Strike: Global Offensive CS:GO attracts millions of players on a monthly basis and utilizes the...