VYPR
Critical severity · 10.0 · NVD Advisory · Published Jul 28, 2022 · Updated May 29, 2026

CVE-2021-41556

Description

An out-of-bounds read in Squirrel scripting engine (through 2.2.5 and 3.x through 3.1) allows sandbox escape and arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability resides in sqclass.cpp within the core interpreter of Squirrel, affecting versions through 2.2.5 and 3.x through 3.1 [1]. It is an out-of-bounds read that can be triggered when a malicious Squirrel script is executed. The bug exists in the handling of certain language constructs, such as generators and delegates, which are complex features that were not thoroughly security-reviewed [1]. The out-of-bounds read occurs in the core interpreter and can be leveraged to break out of the intended sandbox restrictions.

Exploitation

An attacker needs to convince a victim to execute a crafted Squirrel script. This is feasible in environments where Squirrel is used for user-generated content, such as video games (e.g., Counter-Strike: Global Offensive) or cloud services that allow customization via Squirrel scripts [1]. The attacker does not require any special privileges beyond the ability to provide a script. The exploit involves crafting a script that triggers the out-of-bounds read, which then allows the attacker to manipulate the virtual machine state and escape the sandbox [1]. No user interaction beyond executing the script is needed.

Impact

Successful exploitation allows an attacker to escape the Squirrel VM sandbox and execute arbitrary code within the host process [1]. This gives the attacker full access to the underlying machine, bypassing any restrictions that were intended to prevent access to dangerous functionality (e.g., file system functions). In the context of video games, this could lead to remote code execution on players' machines when they load a malicious custom map or game mode. For cloud services, it could compromise the host server.

Mitigation

The vulnerability was fixed in Squirrel version 3.2 (released after the disclosure) [1]. Users of Squirrel-based applications should update to the latest version. For applications that embed Squirrel, such as CS:GO, the vendor (Valve) should apply the patch. As of the publication date, no workaround is available other than avoiding execution of untrusted Squirrel scripts. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 29, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 5

Patches (1)

Commit 23a062065871: check max member count in class
https://github.com/albertodemichelis/squirrel · albertodemichelis · Sep 16, 2021 · via nvd-ref
2 files changed · +4 −0
  • squirrel/sqclass.cpp (+3 −0, modified)
    @@ -61,6 +61,9 @@ bool SQClass::NewSlot(SQSharedState *ss,const SQObjectPtr &key,const SQObjectPtr
             _defaultvalues[_member_idx(temp)].val = val;
             return true;
         }
    +	if (_members->CountUsed() >= MEMBER_MAX_COUNT) {
    +		return false;
    +	}
         if(belongs_to_static_table) {
             SQInteger mmidx;
             if((sq_type(val) == OT_CLOSURE || sq_type(val) == OT_NATIVECLOSURE) &&
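Review bot: the guard sits after the early return that updates an existing member (`_defaultvalues[_member_idx(temp)].val = val; return true;`), which is the right place since re-assigning a known key adds no entry; the three inserted lines, however, are indented with tabs while the surrounding function uses spaces, and a short comment stating that the limit exists because the index `_member_idx` extracts must stay below the MEMBER_TYPE_* flag bits (0x01000000 and 0x02000000) would save the next reader a trip to sqclass.h.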
    
  • squirrel/sqclass.h (+1 −0, modified)
    @@ -17,6 +17,7 @@ typedef sqvector<SQClassMember> SQClassMemberVec;
     
     #define MEMBER_TYPE_METHOD 0x01000000
     #define MEMBER_TYPE_FIELD 0x02000000
    +#define MEMBER_MAX_COUNT 0x00FFFFFF
     
     #define _ismethod(o) (_integer(o)&MEMBER_TYPE_METHOD)
     #define _isfield(o) (_integer(o)&MEMBER_TYPE_FIELD)
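Review bot: MEMBER_MAX_COUNT is defined directly under the MEMBER_TYPE_METHOD/MEMBER_TYPE_FIELD flags, yet nothing records that 0x00FFFFFF is exactly the range of index bits those flags sit above; consider `#define MEMBER_MAX_COUNT (MEMBER_TYPE_METHOD - 1)` or at least a trailing comment `/* index bits below MEMBER_TYPE_* */`, so the limit cannot silently drift from the flag layout if either is changed later.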
    

Vulnerability mechanics

Root cause

"Missing upper-bound check on class member count in SQClass::NewSlot allows an out-of-bounds read."

Attack vector

An attacker crafts a malicious Squirrel script that defines a class with more than 0x00FFFFFF members. When a victim (e.g., a cloud service or game engine) executes this script, the missing member-count check in `SQClass::NewSlot` triggers an out-of-bounds read. This memory corruption can be leveraged to break out of the Squirrel sandbox even if dangerous functions like file I/O are disabled, enabling arbitrary code execution on the host [1].

Affected code

The vulnerability resides in `sqclass.cpp` within the `SQClass::NewSlot` function. The patch adds a check that aborts slot creation when `_members->CountUsed() >= MEMBER_MAX_COUNT` (0x00FFFFFF). Without this guard, an attacker can create an excessive number of class members, leading to an out-of-bounds read in the core interpreter that can escalate to code execution.

What the fix does

The patch introduces a `MEMBER_MAX_COUNT` constant (0x00FFFFFF) and adds a guard in `SQClass::NewSlot` that returns `false` if `_members->CountUsed()` reaches that limit. This prevents the class from accumulating more members than the internal data structures can safely index, closing the out-of-bounds read that could be exploited for code execution [1].
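As an added illustration of the three paragraphs above (not Squirrel's own code), the model below packs a member index beneath the MEMBER_TYPE_* flag bits the way the defines in sqclass.h suggest, and shows both the index aliasing an unbounded member count causes and the refusal the patched guard produces. Only the three macro names and values come from the patch; `pack_member`, `member_idx`, `is_method` and `ToyClass` are assumptions for illustration.

```cpp
// Added example, not Squirrel's code. The three macros come from the patch; the
// packing helpers and ToyClass are assumptions mirroring sqclass.h's _member_idx.
#include <cstdint>
#include <cstdio>

#define MEMBER_TYPE_METHOD 0x01000000
#define MEMBER_TYPE_FIELD  0x02000000
#define MEMBER_MAX_COUNT   0x00FFFFFF

// Assumed slot encoding: member index in bits 0..23, kind flag in bit 24/25.
static inline uint32_t pack_member(uint32_t idx, bool method) {
    return idx | (method ? MEMBER_TYPE_METHOD : MEMBER_TYPE_FIELD);
}
static inline uint32_t member_idx(uint32_t p) { return p & 0x00FFFFFF; }
static inline bool is_method(uint32_t p) { return (p & MEMBER_TYPE_METHOD) != 0; }
// Toy stand-in for SQClass: counts members and, when guarded, behaves like the
// patched NewSlot by refusing to grow past MEMBER_MAX_COUNT.
struct ToyClass {
    uint32_t used = 0;
    bool guarded;
    explicit ToyClass(bool g) : guarded(g) {}
    bool new_slot(bool method, uint32_t *packed_out) {
        if (guarded && used >= MEMBER_MAX_COUNT) return false;  // the fix
        *packed_out = pack_member(used++, method);
        return true;
    }
};
// Unguarded: the field at index 0x01000000 sets bit 24, so it decodes as a
// *method* with index 0: later lookups hit the wrong table and position.
bool unguarded_field_decodes_as_method() {
    ToyClass c(false);
    c.used = 0x01000000;                 // constructed: class already this large
    uint32_t packed = 0;
    c.new_slot(false, &packed);
    return is_method(packed) && member_idx(packed) == 0;
}
// Guarded: insertion at the cap is refused and the count does not change.
bool guard_refuses_at_limit() {
    ToyClass c(true);
    c.used = MEMBER_MAX_COUNT;           // constructed: class at the cap
    uint32_t packed = 0;
    return !c.new_slot(false, &packed) && c.used == MEMBER_MAX_COUNT;
}

int main() {
    std::printf("alias without guard: %d, guard refuses: %d\n",
                (int)unguarded_field_decodes_as_method(), (int)guard_refuses_at_limit());
}
```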

Preconditions

  • Input: The victim must execute an attacker-controlled Squirrel script.
  • Input: The script must define a class with more than 0x00FFFFFF members.

Generated on May 29, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 6
