Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3ZnAtaGcybS05dnIy
Integer overflow in pywin32
An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.
Permalink: https://github.com/advisories/GHSA-hwfp-hg2m-9vr2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3ZnAtaGcybS05dnIy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 8 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-hwfp-hg2m-9vr2, CVE-2021-32559
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-32559
- https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md
- https://github.com/mhammond/pywin32/releases
- https://github.com/mhammond/pywin32/issues/1700
- https://github.com/mhammond/pywin32/pull/1701
- https://github.com/advisories/GHSA-hwfp-hg2m-9vr2
Blast Radius: 28.9
Affected Packages
pypi:pywin32
Dependent packages: 677
Dependent repositories: 27,854
Downloads: 10,322,897 last month
Affected Version Ranges: < 301
Fixed in: 301
All affected versions:
All unaffected versions: