CVE-2021-32559

{"id": "CVE-2021-32559", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-07-06T12:15:21.887", "references": [{"url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/mhammond/pywin32/issues/1700", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/mhammond/pywin32/pull/1701", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/mhammond/pywin32/releases", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mhammond/pywin32/issues/1700", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mhammond/pywin32/pull/1701", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mhammond/pywin32/releases", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process."}, {"lang": "es", "value": "Se presenta un desbordamiento de enteros en pywin32 versiones anteriores a b301, cuando se agrega una entrada de control de acceso (ACE) a una lista de control de acceso (ACL) que causar\u00eda que el tama\u00f1o sea superior a 65535 bytes. Un atacante que explotara con \u00e9xito esta vulnerabilidad podr\u00eda bloquear el proceso vulnerable"}], "lastModified": "2024-11-21T06:07:16.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pywin32_project:pywin32:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7171765-3E9C-47EA-88F7-98B459FF6BBC", "versionEndExcluding": "b301"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}