CVE-2021-32559: Integer overflow in pywin32
(updated )
An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.
References
- github.com/advisories/GHSA-hwfp-hg2m-9vr2
- github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md
- github.com/mhammond/pywin32
- github.com/mhammond/pywin32/issues/1700
- github.com/mhammond/pywin32/pull/1701
- github.com/mhammond/pywin32/releases
- github.com/pypa/advisory-database/tree/main/vulns/pywin32/PYSEC-2021-112.yaml
- nvd.nist.gov/vuln/detail/CVE-2021-32559
Code Behaviors & Features
Detect and mitigate CVE-2021-32559 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →