Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-11T01:30:11 squirrel: Squirrel: Heap-based buffer overflow allows local denial of service 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CWE-120

A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

A flaw was found in Squirrel. A local attacker could exploit a heap-based buffer overflow vulnerability, which occurs when a program writes more data to a memory buffer than it can hold. This flaw, specifically affecting the SQFunctionProto::Load function within squirrel/sqobject.cpp, could lead to a denial of service, making the application unavailable, and potentially result in limited information disclosure.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Deployment Validation Operator Fix deferred dvo/deployment-validation-rhel8-operator MCP Server for Red Hat OpenShift Fix deferred openshift-mcp-beta/openshift-mcp-server-rhel9 Multicluster Global Hub Fix deferred multicluster-globalhub/multicluster-globalhub-grafana-rhel9 OpenShift Developer Tools and Services Fix deferred helm OpenShift Lightspeed Fix deferred openshift-lightspeed/openshift-mcp-server-rhel9 OpenShift Service Mesh 2 Fix deferred openshift-service-mesh/istio-rhel8-operator OpenShift Service Mesh 3 Fix deferred openshift-service-mesh/istio-rhel9-operator Red Hat Advanced Cluster Management for Kubernetes 2 Fix deferred rhacm2/acm-grafana-rhel9 Red Hat Advanced Cluster Management for Kubernetes 2 Fix deferred rhacm2/multicloud-integrations-rhel9 Red Hat Advanced Cluster Management for Kubernetes 2 Fix deferred rhacm2/multicluster-operators-subscription-rhel9 Red Hat Advanced Cluster Management for Kubernetes 2 Fix deferred rhacm2/submariner-operator-bundle Red Hat Advanced Cluster Management for Kubernetes 2 Fix deferred rhacm2/submariner-rhel9-operator Red Hat Advanced Cluster Security 4 Fix deferred advanced-cluster-security/rhacs-main-rhel8 Red Hat Advanced Cluster Security 4 Fix deferred advanced-cluster-security/rhacs-rhel8-operator Red Hat Advanced Cluster Security 4 Fix deferred advanced-cluster-security/rhacs-roxctl-rhel8 Red Hat Advanced Cluster Security 4 Fix deferred advanced-cluster-security/rhacs-scanner-v4-rhel8 Red Hat Ceph Storage 6 Fix deferred rhceph/rhceph-6-dashboard-rhel9 Red Hat Ceph Storage 9 Fix deferred rhceph/alloy-rhel10 Red Hat Ceph Storage 9 Fix deferred rhceph/grafana-rhel10 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-ml-pipelines-api-server-v2-rhel8 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-ml-pipelines-api-server-v2-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-ml-pipelines-driver-rhel8 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-ml-pipelines-driver-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-ml-pipelines-launcher-rhel8 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-ml-pipelines-launcher-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8 Red Hat OpenShift AI (RHOAI) Fix deferred rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9 Red Hat OpenShift Container Platform 4 Fix deferred openshift3/ose-console Red Hat OpenShift Container Platform 4 Fix deferred openshift4-dev-preview-beta/openperouter-edge-rhel10-operator Red Hat OpenShift Container Platform 4 Fix deferred openshift4-dev-preview-beta/openperouter-operator-bundle Red Hat OpenShift Container Platform 4 Fix deferred openshift4-dev-preview-beta/openperouter-rhel9-operator Red Hat OpenShift Container Platform 4 Fix deferred openshift4/metallb-operator-rhel8 Red Hat OpenShift Container Platform 4 Fix deferred openshift4/metallb-rhel9-operator Red Hat OpenShift Container Platform 4 Fix deferred openshift4/oc-mirror-plugin-rhel9 Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-cluster-olm-rhel9-operator Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-console Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-console-rhel9 Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-helm-rhel9-operator Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-olm-catalogd-rhel9 Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-olm-operator-controller-rhel9 Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-operator-framework-tools-rhel9 Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-operator-lifecycle-manager-rhel9 Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-operator-registry-rhel9 Red Hat OpenShift Container Platform 4 Fix deferred openshift4/ose-operator-sdk-rhel9 Red Hat OpenShift GitOps Fix deferred openshift-gitops-1/argocd-rhel8 Red Hat OpenShift GitOps Fix deferred openshift-gitops-1/argocd-rhel9 Red Hat OpenShift Virtualization 4 Fix deferred container-native-virtualization/bridge-marker-rhel9 Red Hat OpenShift Virtualization 4 Fix deferred container-native-virtualization/cluster-network-addons-operator-rhel9 Red Hat OpenShift Virtualization 4 Fix deferred container-native-virtualization/cnv-containernetworking-plugins-rhel9 Red Hat OpenShift Virtualization 4 Fix deferred container-native-virtualization/kubemacpool-rhel9 Red Hat OpenShift Virtualization 4 Fix deferred container-native-virtualization/kubesecondarydns-rhel9 Red Hat OpenShift Virtualization 4 Fix deferred container-native-virtualization/multus-dynamic-networks-rhel9 Red Hat OpenShift Virtualization 4 Fix deferred container-native-virtualization/ovs-cni-plugin-rhel9 Red Hat OpenStack Platform 16.2 Fix deferred rhosp-rhel8/osp-director-operator-bundle Red Hat OpenStack Platform 17.1 Fix deferred rhosp-rhel9/osp-director-operator-bundle Red Hat OpenStack Platform 18.0 Fix deferred rhoso-operators/openstack-operator-bundle Red Hat OpenStack Platform 18.0 Fix deferred rhoso-operators/rabbitmq-cluster-rhel9-operator Red Hat Trusted Artifact Signer Fix deferred rhtas/policy-controller-rhel9-operator Red Hat Trusted Profile Analyzer Fix deferred rhtpa/rhtpa-rhel9-operator https://www.cve.org/CVERecord?id=CVE-2026-8261 https://nvd.nist.gov/vuln/detail/CVE-2026-8261 https://github.com/albertodemichelis/squirrel/issues/326 https://github.com/biniamf/pocs/tree/main/squirrel-sqobject-functionproto-load-intovf-lineinfos https://vuldb.com/submit/809904 https://vuldb.com/vuln/362558 https://vuldb.com/vuln/362558/cti