Integer overflow in pywin32
dependabot-gitlab
has detected security vulnerability for pywin32
in path: /
, manifest_file: /pyproject.toml
but was unable to update it!
Package | Severity | Affected versions | Patched versions | IDs |
---|---|---|---|---|
pywin32 (PIP) | MODERATE | < 301 | 301 |
GHSA-hwfp-hg2m-9vr2 ,CVE-2021-32559
|
Description
An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-32559
- https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md
- https://github.com/mhammond/pywin32/releases
- https://github.com/mhammond/pywin32/issues/1700
- https://github.com/mhammond/pywin32/pull/1701
- https://github.com/advisories/GHSA-hwfp-hg2m-9vr2