CVE-2026-3388 — Improper Resource Shutdown or Release in Squirrel

CWE-404 — Improper Resource Shutdown or Release CWE-674 — Uncontrolled Recursion5 documents5 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 92.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squirrel-lang Squirrel Debian Squirrel3

Timeline

PublishedMar 1

Description

A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled recursion. The attack needs to be approached locally. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDsquirrel-lang/squirrel3.2

▶debiandebian/squirrel3

▶CVEListV5squirrel-lang/squirrel3.0, 3.1, 3.2+2

🔴Vulnerability Details

GHSA

GHSA-px8q-3qhf-3h43: A vulnerability was found in Squirrel up to 3↗2026-03-01

▶

OSV

CVE-2026-3388: A vulnerability was found in Squirrel up to 3↗2026-03-01

▶

📋Vendor Advisories

Debian

CVE-2026-3388: squirrel3 - A vulnerability was found in Squirrel up to 3.2. This affects the function SQCom...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-3388 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶