CVE-2021-32559

high

Description

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

References

Advisories

https://github.com/mhammond/pywin32/releases

https://github.com/mhammond/pywin32/pull/1701

https://github.com/mhammond/pywin32/issues/1700

https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md

Details

Source: Mitre, NVD

Published: 2021-07-06

Updated: 2025-03-27

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

CVSS v4

Base Score: 7.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00373