Squirrel Gaming Language Allows Hackers to Inject Code into Games
Table of Contents
- By Dawna M. Roberts
- Published: Oct 28, 2021
- Last Updated: Mar 18, 2022
Threatpost reported this morning that a vulnerability in the Squirrel programming language could allow bad actors to execute malicious code within a gaming virtual machine (VM), giving them complete control over it.
What is the Threat?
Threat researchers discovered an out-of-bounds read vulnerability this week affecting the Squirrel gaming language and millions of players of online games such as Counter-Strike, Global Offensive, and Portal 2, and some cloud-based services as well.
Threatpost explains,
“Given where Squirrel lives – in games and embedded in the internet of things (IoT) – the bug potentially endangers the millions of monthly gamers who play video games such as Counter-Strike: Global Offensive and Portal 2, as well as cloud services IoT platforms with ready-to-use open-source code library.”
What is Squirrel?
Squirrel is an open-source, object-oriented programming language employed in the development of many popular games and online cloud services. “It’s a lightweight scripting language that suits the size, memory bandwidth, and real-time requirements of applications like video games and embedded systems,” Threatpost adds.”
The vulnerability has been coded as CVE-2021-41556 and is an out-of-bounds read flaw that bad actors may use to execute malicious commands within certain video games.
Threatpost explains how the flaw was discovered,
“The vulnerability was discovered by SonarSource and detailed in a post published on Tuesday. In that writeup, vulnerability researchers Simon Scannell and Niklas Breitfeld suggested a real-world scenario in which an attacker could embed a malicious Squirrel script into a community map and distribute it via the trusted Steam Workshop: a mod repository for Steam Games that lets creators upload their mods for a massive built-in audience while providing regular players with an easy way to obtain mods.”
Threat researchers added,
“When a server owner downloads and installs this malicious map onto his server, the Squirrel script is executed, escapes its VM, and takes control of the server machine.”
The Technical Details
Threatpost explains the technical details,
“The security flaw concerns an “out-of-bounds access via index confusion” when defining Squirrel classes. “The fact that bitflags are set within indexes is problematic as it is entirely possible for an attacker to create a class definition with 0x02000000 methods,” the researchers explained. They created the following, “very simple” proof of concept (PoC): just a nibble’s worth of code that could be exploited to hijack a program and grant an attacker full control of the Squirrel VM.”
“The rawset and rawget functions allow us to handily access members of a given class,” according to the analysis. “In this PoC, the squirrel interpreter will dereference a null pointer and segfault because the _defaultvalues array has not been allocated yet.”
The danger is that a hacker could use the flaw to set up a fake array allowing them control over read and write values. In a proof-of-concept experiment, threat researchers were able to duplicate the event and could essentially “hijack the control flow of the program and gain full control of the Squirrel VM.”
How Can Game Players Stay Safe?
Thankfully, back in August, the maintainer of the Squirrel GitHub repository used this information to patch the vulnerability and uploaded a new source code on September 16.
Programmers should immediately update to the latest patched version. In addition, threat researchers urge all game developers to update to the newest fix commit to protect against these types of attacks.
Additionally, game players should:
- Only download games from reputable sources.
- Keep your games updated to the latest security patch.
- Keep all operating systems updated.
- Use good strong antivirus on all devices.
- Use long, strong passwords on all accounts.
