CVE-2021-32559
MEDIUM
pywin32 < 301 - Denial of Service via Integer Overflow in ACL Entry Addition
Title source: llm
Description
An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.
References (4)
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/mhammond/pywin32/releases
Third Party Advisory x_refsource_misc
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md
Patch, Third Party Advisory x_refsource_misc
https://github.com/mhammond/pywin32/issues/1700
Third Party Advisory x_refsource_misc
https://github.com/mhammond/pywin32/pull/1701
Scores
CVSS v3
6.5
EPSS
0.0173
EPSS Percentile
74.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-190
Status
published
Products (2)
mhammond/pywin32
< 301
pypi/pywin32
0 - 301
PyPI
Published
Jul 06, 2021
Tracked Since
Feb 18, 2026