Squirrel sqfuncstate.cpp PopTarget out-of-bounds_CVE-2026-2659

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation of the argument _target_stack can lead to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-2659

Source VulDB

Published Feb 18, 2026 at 17:32

Modified Feb 18, 2026 at 18:03

Affected Product

Vendor n/a

Product Squirrel

Version 3.0

Affected Versions n/a Squirrel 3.0
n/a Squirrel 3.1
n/a Squirrel 3.2

CWE Classification

CWE-125 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation of the argument _target_stack can lead to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-02-18T17:32:07.517Z",
    "modified": "2026-02-18T18:03:08.400Z",
    "type": "cve",
    "title": "Squirrel sqfuncstate.cpp PopTarget out-of-bounds",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346457\nhttps://vuldb.com/?ctiid.346457\nhttps://vuldb.com/?submit.753163\nhttps://github.com/albertodemichelis/squirrel/issues/311\nhttps://github.com/oneafter/0122/blob/main/i311/repro",
    "id": "CVE-2026-2659",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "n/a Squirrel 3.0\nn/a Squirrel 3.1\nn/a Squirrel 3.2",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Squirrel",
    "version": "3.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}