CVE-2022-30292Out-of-bounds Write in Squirrel

CWE-787Out-of-bounds Write4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
2.5%
top 14.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Squirrel3Fedoraproject FedoraSquirrel-lang Squirrel
Timeline
PublishedMay 4
Latest updateMay 6

Description

Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

debiandebian/squirrel3< squirrel3 3.1-8.2 (forky)

Also affects: Fedora 35, 36

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-v26v-vfh5-54qp: thread_call in sqbaselib2022-05-06
OSV
CVE-2022-30292: Heap-based buffer overflow in sqbaselib2022-05-04

📋Vendor Advisories

1
Debian
CVE-2022-30292: squirrel3 - Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a cer...2022
CVE-2022-30292 — Out-of-bounds Write in Squirrel | cvebase