CVE-2022-46330
Published: 21 December 2022
Summary
CVE-2022-46330 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Squirrel.Windows, a product of the Squirrel.Windows Project. Its CVSS base score is 7.8 (High).
Operationally, it ranks at the 41.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-49147
Vulnerability details
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.