CVE-2021-32559
Integer overflow in pywin32
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.19%
Description
An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.
How to fix CVE-2021-32559
To remediate CVE-2021-32559, upgrade the affected package to a fixed version below.
- upgrade to 301 or later
- upgrade to 301 or later
Is CVE-2021-32559 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 301
- from 0, < 301
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |