CVE-2021-32559 – pywin32

Package

Manager: pip
Name: pywin32
Vulnerable Version: >=0 <301

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00191 pctl0.41196

Details

Integer overflow in pywin32 An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.

Metadata

Created: 2021-08-09T20:43:44Z
Modified: 2025-03-27T17:43:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-hwfp-hg2m-9vr2/GHSA-hwfp-hg2m-9vr2.json
CWE IDs: ["CWE-190"]
Alternative ID: GHSA-hwfp-hg2m-9vr2
Finding: F111
Auto approve: 1