CVE-2021-41556Squirrel-lang · Squirrel
Vulnerability data via NVD (ingested)
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
vuln:CVE-2021-41556product:"Squirrel-lang Squirrel"http.html:"Squirrel"More intel sources (5)
vuln:CVE-2021-41556vulnerabilities.cve_id: CVE-2021-41556CVE-2021-41556CVE-2021-41556"CVE-2021-41556" exploit -site:nvd.nist.gov