{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-3389","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-02-28T14:53:46.132Z","datePublished":"2026-03-01T10:02:07.773Z","dateUpdated":"2026-03-02T13:57:10.799Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-03-01T10:02:07.773Z"},"title":"Squirrel sqstdrex.cpp sqstd_rex_newnode null pointer dereference","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-476","lang":"en","description":"NULL Pointer Dereference"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-404","lang":"en","description":"Denial of Service"}]}],"affected":[{"vendor":"n/a","product":"Squirrel","versions":[{"version":"3.0","status":"affected"},{"version":"3.1","status":"affected"},{"version":"3.2","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":4.8,"vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.3,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.3,"vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":1.7,"vectorString":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-02-28T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-02-28T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-02-28T15:58:53.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Oneafter (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.348275","name":"VDB-348275 | Squirrel sqstdrex.cpp sqstd_rex_newnode null pointer dereference","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.348275","name":"VDB-348275 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.761315","name":"Submit #761315 | albertodemichelis squirrel master-branch NULL Pointer Dereference","tags":["third-party-advisory"]},{"url":"https://github.com/albertodemichelis/squirrel/issues/314","tags":["issue-tracking"]},{"url":"https://github.com/oneafter/0122/blob/main/i314/repro","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-02T13:56:59.651749Z","id":"CVE-2026-3389","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-02T13:57:10.799Z"}}]}}