Home > Vulnerability Database > CVE-2022-46330

Mend.io Vulnerability Database

CVE-2022-46330

Date: December 21, 2022

Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.

Language: C#

Severity Score

7.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-46330

Url: https://jvn.jp/en/jp/JVN29902403/index.html

Url: https://github.com/Squirrel/Squirrel.Windows/pull/1807

Url: https://github.com/Squirrel/Squirrel.Windows

Url: https://www.mend.io/vulnerability-database/CVE-2022-46330

Severity Score

7.8

Weakness Type (CWE)

Uncontrolled Search Path Element

CWE-427

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-46330

Date: December 21, 2022

Language: C#

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?