Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv3

CVE-2022-30292

Published: 04/05/2022 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Squirrel-lang

Vulnerability Summary

Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

squirrel-lang squirrel 3.2

fedoraproject fedora 35

fedoraproject fedora 36

Vendor Advisories

Debian CVElist Bug Report Logs: squirrel3: CVE-2022-30292
Debian Bug report logs - #1014539 squirrel3: CVE-2022-30292 Package: src:squirrel3; Maintainer for src:squirrel3 is Fabian Wolff <fabiwolff@arcorde>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Thu, 7 Jul 2022 15:57:01 UTC Severity: grave Tags: security Reply or subscribe to this bug Toggle usele ...

Github Repositories

https://github.com/sprushed/CVE-2022-30292

CVE-2022-30292 Description This vulnerability is the heap-based buffer overflow in the function thread_call in Squirrel 32 and below It caused by the lack of the call of sq_reservestack function This vulnerability leads to DoS of the client and could possibly lead to sandbox escape and arbitrary code execution Attack vector To exploit vulnerability someone must run crafted S

References

CWE-787https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60dhttps://github.com/sprushed/CVE-2022-30292https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBUYGYXDQX3OSAYHP4TCG3JS7PJTIE75/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMIKSVTKNU5FRCUUNAYMCQLOJA3K3S2I/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV7SJJ44AGAX4ILIVPREIXPJ2GOG3FKV/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M3FQILX7UUEERSDPMZP3MKGTMY2E7ESU/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014539https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook