Vulnerability Description
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Squirrel.Windows Project | Squirrel.Windows | <= 2.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/Squirrel/Squirrel.WindowsThird Party Advisory
- https://github.com/Squirrel/Squirrel.Windows/pull/1807PatchThird Party Advisory
- https://jvn.jp/en/jp/JVN29902403/index.htmlThird Party Advisory
- https://github.com/Squirrel/Squirrel.WindowsThird Party Advisory
- https://github.com/Squirrel/Squirrel.Windows/pull/1807PatchThird Party Advisory
- https://jvn.jp/en/jp/JVN29902403/index.htmlThird Party Advisory
FAQ
What is CVE-2022-46330?
CVE-2022-46330 is a vulnerability with a CVSS score of 7.8 (HIGH). Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contai...
How severe is CVE-2022-46330?
CVE-2022-46330 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-46330?
Check the references section above for vendor advisories and patch information. Affected products include: Squirrel.Windows Project Squirrel.Windows.