Suggestions search

All statuses

Filter by:

With package: squirreldisk

Found 2 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-2661

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month ago

Squirrel sqobject.h operator heap-based overflow

A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

https://github.com/albertodemichelis/squirrel/issues/310 issue-tracking
https://github.com/oneafter/0122/blob/main/i310/repro exploit
VDB-346459 | Squirrel sqobject.h operator heap-based overflow vdb-entry technical-description
VDB-346459 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #753165 | albertodemichelis squirrel master-branch Heap-based Buffer Overflow third-party-advisory

Affected products

Squirrel

==3.0
==3.1
==3.2

Matching in nixpkgs

pkgs.squirrel-sql

Universal SQL Client

nixos-unstable 5.0.0
- nixpkgs-unstable 5.0.0
- nixos-unstable-small 5.0.0
nixos-25.11 5.0.0
- nixos-25.11-small 5.0.0
- nixpkgs-25.11-darwin 5.0.0

pkgs.squirreldisk

Cross-platform disk usage analysis tool

pkgs.vimPlugins.nvim-treesitter-parsers.squirrel

None

nixos-unstable 0.0.0+rev=072c969
- nixpkgs-unstable 0.0.0+rev=072c969
- nixos-unstable-small 0.0.0+rev=072c969
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@peret Peter Retzlaff

Untriaged

Permalink CVE-2026-2659

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month ago

Squirrel sqfuncstate.cpp PopTarget out-of-bounds

A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation of the argument _target_stack can lead to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-346457 | Squirrel sqfuncstate.cpp PopTarget out-of-bounds vdb-entry technical-description
VDB-346457 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #753163 | albertodemichelis squirrel master-branch Heap-based Buffer Overflow third-party-advisory
https://github.com/albertodemichelis/squirrel/issues/311 issue-tracking
https://github.com/oneafter/0122/blob/main/i311/repro exploit

Affected products

Squirrel

==3.0
==3.1
==3.2

Matching in nixpkgs

pkgs.squirrel-sql

Universal SQL Client

nixos-unstable 5.0.0
- nixpkgs-unstable 5.0.0
- nixos-unstable-small 5.0.0
nixos-25.11 5.0.0
- nixos-25.11-small 5.0.0
- nixpkgs-25.11-darwin 5.0.0

pkgs.squirreldisk

Cross-platform disk usage analysis tool

pkgs.vimPlugins.nvim-treesitter-parsers.squirrel

None

nixos-unstable 0.0.0+rev=072c969
- nixpkgs-unstable 0.0.0+rev=072c969
- nixos-unstable-small 0.0.0+rev=072c969
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@peret Peter Retzlaff