CVE-2026-2661
Received Received - Intake
Heap-Based Buffer Overflow in Squirrel SQObjectPtr::operator (Local Exploit

Publication date: 2026-02-18

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-18
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2661
EUVD
EUVD-2026-7641
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
squirrel-lang squirrel to 3.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-2661 is a heap-based buffer overflow vulnerability in the Squirrel virtual machine (VM) up to version 3.2. It occurs in the function SQObjectPtr::operator= within the source file squirrel/sqobject.h.'}, {'type': 'paragraph', 'content': "The vulnerability is caused by uncontrolled infinite recursion triggered by repeated metamethod calls (_set and _get) during script execution. This recursion leads to stack exhaustion or corruption because the VM's internal execution stack, implemented as a heap-allocated vector (sqvector<SQObjectPtr>), grows beyond its allocated heap buffer."}, {'type': 'paragraph', 'content': 'Specifically, the VM fails to properly check or enforce stack limits during recursive property assignments that invoke the _set metamethod repeatedly, causing the stack to overflow and resulting in a memory access violation 8 bytes beyond the end of a 16KB allocated heap buffer.'}, {'type': 'paragraph', 'content': 'This heap buffer overflow can cause crashes or memory corruption. The vulnerability requires local access to exploit and has a publicly available proof-of-concept exploit.'}] [1, 3, 4]

Impact Analysis

This vulnerability can cause the Squirrel VM to crash due to heap buffer overflow, potentially leading to denial of service or memory corruption.

Since the exploit requires local access, an attacker with local privileges could trigger the infinite recursion to cause the VM to crash or behave unpredictably.

The impact is primarily on system availability, as the heap overflow can disrupt normal operation of applications using the Squirrel VM.

Compliance Impact

I don't know

Detection Guidance

This vulnerability manifests as a heap-based buffer overflow caused by uncontrolled infinite recursion in the Squirrel VM during script execution. Detection involves monitoring for crashes or memory access violations related to the Squirrel VM, especially those triggered by recursive property assignments invoking the `_set` and `_get` metamethods.

Since the vulnerability requires local access and is triggered by specific script behavior, detection can be performed by running the provided reproduction script that triggers the infinite recursion and heap buffer overflow.

Suggested commands to detect the vulnerability include:

  • Build the Squirrel VM with AddressSanitizer (ASan) enabled in Release mode.
  • Run the repro script to trigger the vulnerability: `./build/bin/sq repro`
  • Monitor system logs or ASan output for heap-buffer-overflow errors or crashes related to `SQObjectPtr::operator=`.
  • Use debugging tools like AddressSanitizer or Valgrind to detect memory corruption during execution of Squirrel scripts.
Mitigation Strategies

Currently, no official patches or countermeasures have been provided by the Squirrel project to address this vulnerability.

Immediate mitigation steps include:

  • Restrict local access to systems running vulnerable versions of the Squirrel VM to prevent exploitation.
  • Avoid running untrusted or malicious scripts that could trigger the infinite recursion in metamethod calls.
  • Consider using alternative products or versions of Squirrel that are not affected by this vulnerability.
  • Monitor for updates or patches from the Squirrel project and apply them once available.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2661. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart