Squirrel NULL Pointer Dereference Vulnerability in Regex Module
Vulnerability
A NULL pointer dereference has been identified in the Squirrel programming language, versions up to 3.2. The defect is in the standard library's regex module, in the function 'sqstd_rex_newnode' in 'sqstdlib/sqstdrex.cpp'. A write through a NULL pointer causes a memory access violation and a segmentation fault; the condition can be triggered locally. The problem was reported to the Squirrel project, but no response has been received yet.
Impact
Triggering the defect causes a segmentation fault from the NULL pointer dereference, crashing the application that runs the Squirrel interpreter.
Reproduction
The issue can be reproduced by building Squirrel with release optimization and AddressSanitizer (ASan) enabled, then running the resulting binary on a crafted input file containing a regular expression that triggers the NULL pointer dereference. The crafted file is attached to the GitHub issue that reports the vulnerability.
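The following is an added illustration of the bug class described in the Vulnerability and Impact sections, not code from Squirrel or from the GitHub issue. It models a regex compiler that allocates nodes from a fixed pool: the allocator returns NULL when the pool is exhausted, the unchecked caller writes through that pointer (the shape that produces the write access violation ASan reports), and the checked caller propagates the failure instead. The names rex_newnode, RexCtx, compile_unchecked and compile_checked, the node types and the pool size are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical fixed-pool regex node allocator written for this page.
 * It is not Squirrel's sqstd_rex_newnode; it only reproduces the shape
 * of an allocation whose NULL result is written through unchecked. */

enum { NODE_CHAR = 1, NODE_STAR = 2 };

typedef struct {
    int type;
    int value;  /* literal byte for NODE_CHAR, operand index for NODE_STAR */
    int next;   /* index of the following node in the chain, -1 at the end */
} RexNode;

#define MAX_NODES 8     /* deliberately small so exhaustion is easy to reach */

typedef struct {
    RexNode nodes[MAX_NODES];
    int count;
    const char *error;
} RexCtx;

static void rex_init(RexCtx *ctx) {
    ctx->count = 0;
    ctx->error = NULL;
}

/* Allocate a node from the pool. Returns NULL when the pool is exhausted;
 * that NULL is the failure path every caller must handle. */
static RexNode *rex_newnode(RexCtx *ctx, int type) {
    if (ctx->count >= MAX_NODES) {
        ctx->error = "node pool exhausted";
        return NULL;
    }
    RexNode *n = &ctx->nodes[ctx->count++];
    n->type = type;
    n->value = 0;
    n->next = -1;
    return n;
}

/* Vulnerable shape: the allocator's result is written through without a
 * check. A pattern longer than the pool makes rex_newnode return NULL and
 * the store to n->value faults (ASan reports a SEGV on a write to a
 * near-NULL address). main() only calls it on a pattern that fits. */
static int compile_unchecked(RexCtx *ctx, const char *pattern) {
    int prev = -1;
    for (const char *p = pattern; *p; p++) {
        RexNode *n;
        if (*p == '*') {
            n = rex_newnode(ctx, NODE_STAR);
            n->value = prev;                 /* NULL dereference when exhausted */
        } else {
            n = rex_newnode(ctx, NODE_CHAR);
            n->value = (unsigned char)*p;    /* NULL dereference when exhausted */
        }
        int idx = (int)(n - ctx->nodes);
        if (prev >= 0) ctx->nodes[prev].next = idx;
        prev = idx;
    }
    return 0;
}

/* Hardened shape: every allocation is checked and the error is reported to
 * the caller as a return code, with ctx->error describing the reason. */
static int compile_checked(RexCtx *ctx, const char *pattern) {
    int prev = -1;
    for (const char *p = pattern; *p; p++) {
        int type = (*p == '*') ? NODE_STAR : NODE_CHAR;
        if (type == NODE_STAR && prev < 0) {
            ctx->error = "'*' with nothing to repeat";
            return -1;
        }
        RexNode *n = rex_newnode(ctx, type);
        if (n == NULL) return -1;            /* ctx->error set by the allocator */
        n->value = (type == NODE_STAR) ? prev : (unsigned char)*p;
        int idx = (int)(n - ctx->nodes);
        if (prev >= 0) ctx->nodes[prev].next = idx;
        prev = idx;
    }
    return 0;
}

int main(void) {
    RexCtx ctx;
    rex_init(&ctx);
    if (compile_checked(&ctx, "ab*c") == 0)
        printf("compiled %d nodes\n", ctx.count);
    rex_init(&ctx);
    if (compile_checked(&ctx, "abcdefghij") != 0)     /* constructed over-long pattern */
        printf("rejected: %s\n", ctx.error);
    return 0;
}
```

The fix is the single NULL check after the allocation; the rest of the checked variant is identical to the unchecked one. When reviewing an allocator such as this, the question to ask at every call site is what happens on the allocator's failure return, and a sanitizer build with an over-long pattern is the quickest way to confirm the answer.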
