CVE-2021-32559 - OpenCVE

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pywin32 Project	Pywin32

Configuration 1 [-]

cpe:2.3:a:pywin32_project:pywin32:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md
https://github.com/mhammond/pywin32/issues/1700
https://github.com/mhammond/pywin32/pull/1701
https://github.com/mhammond/pywin32/releases

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-06T11:35:05

Updated: 2024-08-03T23:25:30.883Z

Reserved: 2021-05-11T00:00:00

Link: CVE-2021-32559

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-07-06T12:15:21.887

Modified: 2021-09-14T14:40:55.670

Link: CVE-2021-32559

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-15T13:36:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/mhammond/pywin32/releases"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mhammond/pywin32/issues/1700"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mhammond/pywin32/pull/1701"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32559", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/mhammond/pywin32/releases", "refsource": "MISC", "url": "https://github.com/mhammond/pywin32/releases"}, {"name": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md", "refsource": "MISC", "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md"}, {"name": "https://github.com/mhammond/pywin32/issues/1700", "refsource": "MISC", "url": "https://github.com/mhammond/pywin32/issues/1700"}, {"name": "https://github.com/mhammond/pywin32/pull/1701", "refsource": "MISC", "url": "https://github.com/mhammond/pywin32/pull/1701"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:25:30.883Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mhammond/pywin32/releases"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mhammond/pywin32/issues/1700"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mhammond/pywin32/pull/1701"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32559", "datePublished": "2021-07-06T11:35:05", "dateReserved": "2021-05-11T00:00:00", "dateUpdated": "2024-08-03T23:25:30.883Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pywin32_project:pywin32:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7171765-3E9C-47EA-88F7-98B459FF6BBC", "versionEndExcluding": "b301", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process."}, {"lang": "es", "value": "Se presenta un desbordamiento de enteros en pywin32 versiones anteriores a b301, cuando se agrega una entrada de control de acceso (ACE) a una lista de control de acceso (ACL) que causar\u00eda que el tama\u00f1o sea superior a 65535 bytes. Un atacante que explotara con \u00e9xito esta vulnerabilidad podr\u00eda bloquear el proceso vulnerable"}], "id": "CVE-2021-32559", "lastModified": "2021-09-14T14:40:55.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-06T12:15:21.887", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mhammond/pywin32/issues/1700"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/mhammond/pywin32/pull/1701"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/mhammond/pywin32/releases"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}