CVE-2021-32559 - Vulnerability Details - OpenCVE

An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00191.

Key SSVC decision points have not yet been added.

Vendors	Products
Mhammond	Pywin32

Configuration 1 [-]

cpe:2.3:a:mhammond:pywin32:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md
https://github.com/mhammond/pywin32/issues/1700
https://github.com/mhammond/pywin32/pull/1701
https://github.com/mhammond/pywin32/releases

History

Thu, 27 Mar 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mhammond Mhammond pywin32
CPEs	cpe:2.3:a:pywin32_project:pywin32::::::::	cpe:2.3:a:mhammond:pywin32::::::::
Vendors & Products	Pywin32 Project Pywin32 Project pywin32	Mhammond Mhammond pywin32

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-06T11:35:05

Updated: 2024-08-03T23:25:30.883Z

Reserved: 2021-05-11T00:00:00

Link: CVE-2021-32559

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-07-06T12:15:21.887

Modified: 2025-03-27T14:43:05.030

Link: CVE-2021-32559

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-15T13:36:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/mhammond/pywin32/releases"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mhammond/pywin32/issues/1700"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mhammond/pywin32/pull/1701"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32559", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/mhammond/pywin32/releases", "refsource": "MISC", "url": "https://github.com/mhammond/pywin32/releases"}, {"name": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md", "refsource": "MISC", "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md"}, {"name": "https://github.com/mhammond/pywin32/issues/1700", "refsource": "MISC", "url": "https://github.com/mhammond/pywin32/issues/1700"}, {"name": "https://github.com/mhammond/pywin32/pull/1701", "refsource": "MISC", "url": "https://github.com/mhammond/pywin32/pull/1701"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:25:30.883Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mhammond/pywin32/releases"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mhammond/pywin32/issues/1700"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mhammond/pywin32/pull/1701"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32559", "datePublished": "2021-07-06T11:35:05", "dateReserved": "2021-05-11T00:00:00", "dateUpdated": "2024-08-03T23:25:30.883Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mhammond:pywin32:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A00427F-40FE-4DD4-B579-D445A84AFDB3", "versionEndExcluding": "301", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process."}, {"lang": "es", "value": "Se presenta un desbordamiento de enteros en pywin32 versiones anteriores a b301, cuando se agrega una entrada de control de acceso (ACE) a una lista de control de acceso (ACL) que causar\u00eda que el tama\u00f1o sea superior a 65535 bytes. Un atacante que explotara con \u00e9xito esta vulnerabilidad podr\u00eda bloquear el proceso vulnerable"}], "id": "CVE-2021-32559", "lastModified": "2025-03-27T14:43:05.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-06T12:15:21.887", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mhammond/pywin32/issues/1700"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/mhammond/pywin32/pull/1701"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/mhammond/pywin32/releases"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mhammond/pywin32/issues/1700"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/mhammond/pywin32/pull/1701"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/mhammond/pywin32/releases"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}