Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A flaw has been found in Squirrel up to 3.2. Impacted is the function validate_format in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Stack-based buffer overflow in Squirrel up to version 3.2 within the validate_format function of sqstdlib/sqstdstring.cpp allows local authenticated attackers to corrupt stack memory, potentially achieving code execution or denial of service. Public exploit code is available, and the vulnerability has been reported to the project with no vendor response documented at time of analysis.
Technical ContextAI
Squirrel is a lightweight scripting language. The vulnerability exists in the standard library string validation function validate_format, which performs unsafe memory operations (likely memcpy-based) without proper bounds checking. CWE-121 (Stack-based Buffer Overflow) indicates the flaw occurs when the function writes data beyond allocated stack buffer boundaries, potentially overwriting return addresses, stack canaries, or local variables. The affected code path is in sqstdlib/sqstdstring.cpp, part of Squirrel's standard library implementation that handles string format operations.
RemediationAI
Primary remediation: upgrade Squirrel to a version later than 3.2 once released with the fix (vendor advisory not yet available). Immediate workaround if upgrade is not feasible: disable or restrict use of the validate_format function in string library operations, or implement input validation and length checks before passing untrusted data to format operations. If Squirrel is embedded in an application, restrict script execution context to non-privileged accounts and use OS-level sandboxing (e.g., containers, seccomp filters) to limit impact of potential code execution. Monitor the official Squirrel GitHub repository (https://github.com/albertodemichelis/squirrel) and issue #325 for patch announcements. Note that workarounds may break legitimate string formatting functionality and should be evaluated for compatibility.
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that ca
Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call. Rated critica
A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the librar
A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTar
A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the l
A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the
Heap-based buffer overflow in Squirrel versions 3.0 through 3.2 allows a locally authenticated low-privilege attacker to
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29014
GHSA-fff5-x34w-4v72