Vulnerability Description
An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mhammond | Pywin32 | < 301 |
Related Weaknesses (CWE)
References
- https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/ (Third Party Advisory)
- https://github.com/mhammond/pywin32/issues/1700 (Patch, Third Party Advisory)
- https://github.com/mhammond/pywin32/pull/1701 (Third Party Advisory)
- https://github.com/mhammond/pywin32/releases (Release Notes, Third Party Advisory)
FAQ
What is CVE-2021-32559?
CVE-2021-32559 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attac...
How severe is CVE-2021-32559?
CVE-2021-32559 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32559?
Check the references section above for vendor advisories and patch information. Affected products include: Mhammond Pywin32.