GHSA-hwfp-hg2m-9vr2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hwfp-hg2m-9vr2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-hwfp-hg2m-9vr2/GHSA-hwfp-hg2m-9vr2.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-hwfp-hg2m-9vr2
- Aliases
- Published
- 2021-08-09T20:43:44Z
- Modified
- 2024-10-25T21:22:23.819172Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Integer overflow in pywin32
- Details
-
An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.
- Database specific
{ "nvd_published_at": "2021-07-06T12:15:00Z", "cwe_ids": [ "CWE-190" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-07-07T16:45:27Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-32559
- https://github.com/mhammond/pywin32/issues/1700
- https://github.com/mhammond/pywin32/pull/1701
- https://github.com/advisories/GHSA-hwfp-hg2m-9vr2
- https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md
- https://github.com/mhammond/pywin32
- https://github.com/mhammond/pywin32/releases
- https://github.com/pypa/advisory-database/tree/main/vulns/pywin32/PYSEC-2021-112.yaml
Affected packages
PyPI / pywin32
Package
- Name
- pywin32
- View open source insights on deps.dev
- Purl
- pkg:pypi/pywin32