This vulnerability is the heap-based buffer overflow in the function thread_call in Squirrel 3.2 and below. It caused by the lack of the call of sq_reservestack function. This vulnerability leads to DoS of the client and could possibly lead to sandbox escape and arbitrary code execution
To exploit vulnerability someone must run crafted Squirrel bytecode or source file. This can be accomplished in multiple ways. For example, a server sends the game map to the client and one executes the malicious Squirrel script. The another way of being attacked is installing a malicious game mod onto your server.
There is the fix commit for this vulnerability. To apply the fix you should recompile the project from sources since this commit.
There are lots of games which use Squirrel as a main scripting language. Developers of these games must apply the fix as soon as possible.
We will not provide the PoC before 90 days from the date the fix was published. Perhaps we will provide it later.
- Pavel Blinnikov (pturtle)
- Ilya Titov (KyberGnida)
- Andrey Chizhov (thsage)
- Alexander Zhdanov (hydrag)