Nixpkgs security tracker

Untriaged

Permalink CVE-2026-3389

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Squirrel sqstdrex.cpp sqstd_rex_newnode null pointer dereference

A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-348275 | Squirrel sqstdrex.cpp sqstd_rex_newnode null pointer dereference vdb-entrytechnical-description
VDB-348275 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #761315 | albertodemichelis squirrel master-branch NULL Pointer Dereference third-party-advisory
https://github.com/albertodemichelis/squirrel/issues/314 issue-tracking
https://github.com/oneafter/0122/blob/main/i314/repro exploit

Affected products

Squirrel

==3.1
==3.2
==3.0

Matching in nixpkgs

pkgs.squirrel-sql

Universal SQL Client

nixos-unstable 5.0.0
- nixpkgs-unstable 5.0.0
- nixos-unstable-small 5.0.0
nixos-25.11 5.0.0
- nixos-25.11-small 5.0.0
- nixpkgs-25.11-darwin 5.0.0

pkgs.squirreldisk

Cross-platform disk usage analysis tool

pkgs.vimPlugins.nvim-treesitter-parsers.squirrel

None

nixos-unstable 0.0.0+rev=072c969
- nixpkgs-unstable 0.0.0+rev=072c969
- nixos-unstable-small 0.0.0+rev=072c969
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@peret Peter Retzlaff