CVE-2022-46330

high

Description

Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.

References

Advisories

https://jvn.jp/en/jp/JVN29902403/index.html

https://github.com/Squirrel/Squirrel.Windows/pull/1807

https://github.com/Squirrel/Squirrel.Windows

Details

Source: Mitre, NVD

Published: 2022-12-21

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00156