Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by Squirrel
CVE-2022-46330 (GCVE-0-2022-46330)
Vulnerability from nvd – Published: 2022-12-21 00:00 – Updated: 2025-04-16 16:03
VLAI
Summary
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Uncontrolled Search Path Element
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Squirrel | Installers generated by Squirrel.Windows |
Affected:
2.0.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Squirrel/Squirrel.Windows/pull/1807"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Squirrel/Squirrel.Windows"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN29902403/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T16:02:36.212508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:03:10.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Installers generated by Squirrel.Windows",
"vendor": "Squirrel",
"versions": [
{
"status": "affected",
"version": "2.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled Search Path Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-21T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://github.com/Squirrel/Squirrel.Windows/pull/1807"
},
{
"url": "https://github.com/Squirrel/Squirrel.Windows"
},
{
"url": "https://jvn.jp/en/jp/JVN29902403/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-46330",
"datePublished": "2022-12-21T00:00:00.000Z",
"dateReserved": "2022-12-14T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:03:10.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2022-000102
Vulnerability from jvndb - Published: 2022-12-21 14:23 - Updated:2022-12-21 14:23
Severity
Summary
Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries
Details
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications.
Installers generated by Squirrel.Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Koh You Liang of Sompo Holdings, Inc. reported this vulnerability to the developer first, and to IPA later.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000102.html",
"dc:date": "2022-12-21T14:23+09:00",
"dcterms:issued": "2022-12-21T14:23+09:00",
"dcterms:modified": "2022-12-21T14:23+09:00",
"description": "Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications.\r\nInstallers generated by Squirrel.Windows contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nKoh You Liang of Sompo Holdings, Inc. reported this vulnerability to the developer first, and to IPA later.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000102.html",
"sec:cpe": {
"#text": "cpe:/a:squirrel.windows_project:squirrel.windows",
"@product": "Squirrel.Windows",
"@vendor": "Squirrel",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000102",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN29902403/index.html",
"@id": "JVN#29902403",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-46330",
"@id": "CVE-2022-46330",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-46330",
"@id": "CVE-2022-46330",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries"
}
CVE-2022-46330 (GCVE-0-2022-46330)
Vulnerability from cvelistv5 – Published: 2022-12-21 00:00 – Updated: 2025-04-16 16:03
VLAI
Summary
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Uncontrolled Search Path Element
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Squirrel | Installers generated by Squirrel.Windows |
Affected:
2.0.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Squirrel/Squirrel.Windows/pull/1807"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Squirrel/Squirrel.Windows"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN29902403/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T16:02:36.212508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:03:10.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Installers generated by Squirrel.Windows",
"vendor": "Squirrel",
"versions": [
{
"status": "affected",
"version": "2.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled Search Path Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-21T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://github.com/Squirrel/Squirrel.Windows/pull/1807"
},
{
"url": "https://github.com/Squirrel/Squirrel.Windows"
},
{
"url": "https://jvn.jp/en/jp/JVN29902403/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-46330",
"datePublished": "2022-12-21T00:00:00.000Z",
"dateReserved": "2022-12-14T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:03:10.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}