CVE Vulnerability

CVE-2021-32559

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/mhammond/pywin32/releases Release Notes Third Party Advisory
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md Third Party Advisory
https://github.com/mhammond/pywin32/issues/1700 Patch Third Party Advisory
https://github.com/mhammond/pywin32/pull/1701 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:pywin32_project:pywin32:*:*:*:*:*:*:*:*
Information

Published : 2021-07-06 12:15

Updated : 2021-09-14 02:40

NVD link : CVE-2021-32559

Mitre link : CVE-2021-32559

Products Affected
No products.
CWE
CWE-190