Is CVE-2021-41556 actively exploited?

CVE-2021-41556 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2021-41556?

CVE-2021-41556 has a CVSS score of 10 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2021-41556?

Patch guidance is available from squirrel-lang security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-41556.

Fix CVE-2021-41556 - CRITICAL squirrel-lang squirrel

Q: Which products are affected by CVE-2021-41556?

4 products: squirrel-lang squirrel, squirrel-lang squirrel, fedoraproject fedora, fedoraproject fedora.

Description

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-125 · Out-of-bounds Read

Metadata

Primary Vendor: SQUIRREL-LANG
Published: 7/28/2022
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

squirrel-lang : squirrelsquirrel-lang : squirrelfedoraproject : fedorafedoraproject : fedora

Remediation Guidance

Executive Summary

View on NIST NVD