#1130874 squirrel3: CVE-2026-3389

Package:
src:squirrel3
Source:
src:squirrel3
Submitter:
Salvatore Bonaccorso
Date:
2026-03-15 15:15:03 UTC
Severity:
normal
Tags:
#1130874#5
Date:
2026-03-15 15:14:00 UTC
From:
To:
Hi,

The following vulnerability was published for squirrel3.

CVE-2026-3389[0]:
| A vulnerability was determined in Squirrel up to 3.2. This
| vulnerability affects the function sqstd_rex_newnode in the library
| sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null
| pointer dereference. The attack can only be executed locally. The
| exploit has been publicly disclosed and may be utilized. The project
| was informed of the problem early through an issue report but has
| not responded yet.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-3389
https://www.cve.org/CVERecord?id=CVE-2026-3389
[1] https://github.com/albertodemichelis/squirrel/issues/314

Regards,
Salvatore