CVE-2026-2659
Out-of-Bounds Read in Squirrel SQFuncState::PopTarget Function
Publication date: 2026-02-18
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| squirrel-lang | squirrel | to 3.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2659 is a heap-buffer underflow vulnerability in the Squirrel programming language up to version 3.2. It occurs in the function SQFuncState::PopTarget located in the source file sqfuncstate.cpp. The vulnerability arises because the function attempts to access the last element of an internal stack (_target_stack) without checking if the stack is empty. When the stack is empty, this leads to an out-of-bounds read (reading memory before the allocated buffer), classified as CWE-125.
This issue happens during the parsing of complex expressions involving binary or logical operations, such as those found in for loops. The improper bounds checking causes the function to read invalid memory, potentially leading to crashes or undefined behavior in the compiler.
Exploitation requires local access, and a proof-of-concept exploit is publicly available. Despite early notification, the Squirrel project has not yet addressed or mitigated this vulnerability.
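A simplified C++ model of the bug class described above, added here as an illustration and not taken from Squirrel's sqfuncstate.cpp. The names TargetStack, PopTargetUnchecked, PopTargetChecked and ReplayTargets, and the '+'/'-' action strings, are assumptions made for the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-in for a compiler's target stack (not Squirrel source).
struct TargetStack {
    std::vector<int64_t> slots;  // 8-byte entries

    void Push(int64_t pos) { slots.push_back(pos); }

    // Unchecked pop: the CWE-125 pattern. back() on an empty container reads
    // the element *before* the heap buffer, which is undefined behaviour.
    int64_t PopTargetUnchecked() {
        int64_t pos = slots.back();  // no emptiness check
        slots.pop_back();
        return pos;
    }

    // Hardened pop: refuse the read when the stack is empty so the caller can
    // report a compile error instead of touching out-of-bounds memory.
    bool PopTargetChecked(int64_t &out) {
        if (slots.empty()) return false;
        out = slots.back();
        slots.pop_back();
        return true;
    }
};

// Replays a constructed sequence of emitter actions: '+' pushes a target,
// '-' pops one. Returns the number of targets left, or -1 when a pop is
// requested on an empty stack (rejected before any read happens).
int ReplayTargets(const std::string &actions) {
    TargetStack ts;
    int64_t next = 0, popped = 0;
    for (char a : actions) {
        if (a == '+') ts.Push(next++);
        else if (a == '-' && !ts.PopTargetChecked(popped)) return -1;
    }
    return static_cast<int>(ts.slots.size());
}

int main() {
    std::printf("balanced:   %d\n", ReplayTargets("++-"));
    std::printf("unbalanced: %d\n", ReplayTargets("+--"));
    return 0;
}
```
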
How can this vulnerability impact me?
This vulnerability primarily impacts the availability of the affected system by causing crashes or undefined behavior in the Squirrel compiler when processing certain complex expressions.
Since the vulnerability involves an out-of-bounds read leading to a heap-buffer underflow, it can cause the compiler to crash or behave unpredictably, potentially disrupting development or runtime environments that rely on Squirrel scripts.
Exploitation requires local access, so an attacker would need to have some level of privilege on the host system to trigger the issue.
No known mitigations or official fixes exist, so affected users are advised to consider alternative products or avoid using vulnerable versions of Squirrel.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the Squirrel programming language compiler up to version 3.2, specifically in the function SQFuncState::PopTarget. Detection involves identifying if the vulnerable version of Squirrel is present and potentially triggering the vulnerability by compiling complex expressions involving binary or logical operations inside statements such as for loops.
Since the exploit requires local access and triggers an out-of-bounds read causing a crash, one detection method is to run the provided proof-of-concept exploit or test files against a build with AddressSanitizer (ASAN) enabled and observe heap-buffer-overflow errors. The steps are:
- Build Squirrel with ASAN enabled (e.g., using compiler flags like -fsanitize=address).
- Run the provided crashing test file from the public exploit repository to trigger the vulnerability.
- Monitor for ASAN error reports indicating an 8-byte out-of-bounds read in SQFuncState::PopTarget.
What immediate steps should I take to mitigate this vulnerability?
There are no official patches or countermeasures provided by the Squirrel project as of the disclosure date.
Immediate mitigation steps include restricting local access to systems running vulnerable versions of Squirrel up to 3.2 to prevent exploitation.
Consider avoiding the use of the vulnerable Squirrel compiler version and evaluate alternative products or versions not affected by this vulnerability.
Monitor for updates or patches from the Squirrel project or community that address this issue.