CVE-2021-41556: 
Homebrew vulnerability analysis and mitigation

CVE-2021-41556 affects Squirrel through version 2.2.5 and 3.x through 3.1. The vulnerability exists in sqclass.cpp and allows an out-of-bounds read in the core interpreter that can lead to code execution. This vulnerability enables attackers to break out of the squirrel script sandbox even when dangerous functionality like File System functions are disabled (NVD, SonarSource Blog).

The vulnerability stems from an out-of-bounds read issue in the core interpreter's class handling mechanism. The bug occurs when storing information within an index value, where bits representing this information are set too low. An attacker can exploit this by creating a class definition with 0x02000000 methods, which can force the isfield() macro to return true since the bitflag would be set. This allows accessing the defaultvalues array out of bounds. The vulnerability has been assigned a CVSS v3.1 base score of 10.0 CRITICAL (NVD, SonarSource Blog).

The vulnerability allows attackers to escape the Squirrel VM sandbox and gain full access to the underlying machine. This is particularly concerning for cloud services and video games that use Squirrel for customization and plugin development. For example, an attacker could embed malicious Squirrel script into a community map and distribute it via trusted platforms like Steam Workshop, potentially compromising server machines when downloaded and installed by server owners (SonarSource Blog, Hacker News).

A patch has been released as a commit to the official Squirrel repository. Project maintainers who depend on Squirrel are strongly recommended to rebuild the latest Squirrel version from source code to protect against these attacks. The fix includes checking the maximum member count in class definitions (GitHub Patch, SonarSource Blog).