{"api_version":"1","generated_at":"2026-04-22T23:31:06+00:00","cve":"CVE-2021-32559","urls":{"html":"https://cve.report/CVE-2021-32559","api":"https://cve.report/api/cve/CVE-2021-32559.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-32559","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-32559"},"summary":{"title":"CVE-2021-32559","description":"An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-07-06 12:15:00","updated_at":"2021-09-14 14:40:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://github.com/mhammond/pywin32/pull/1701","name":"https://github.com/mhammond/pywin32/pull/1701","refsource":"MISC","tags":[],"title":"PyACL - Fixing integer overflows that occur when resizing ACLs by joshua-triplett-mandiant · Pull Request #1701 · mhammond/pywin32 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/mhammond/pywin32/releases","name":"https://github.com/mhammond/pywin32/releases","refsource":"MISC","tags":[],"title":"Releases · mhammond/pywin32 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/mhammond/pywin32/issues/1700","name":"https://github.com/mhammond/pywin32/issues/1700","refsource":"MISC","tags":[],"title":"Integer overflow in PyACL · Issue #1700 · mhammond/pywin32 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md","name":"https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md","refsource":"MISC","tags":[],"title":"Vulnerability-Disclosures/FEYE-2021-0017.md at master · fireeye/Vulnerability-Disclosures · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-32559","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32559","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"32559","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pywin32_project","cpe5":"pywin32","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-32559","qid":"379545","title":"Splunk Enterprise Third Party Package Updates for March 2024 (SVD-2024-0303)"},{"cve":"CVE-2021-32559","qid":"981720","title":"Python (pip) Security Update for pywin32 (GHSA-hwfp-hg2m-9vr2)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-32559","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/mhammond/pywin32/releases","refsource":"MISC","name":"https://github.com/mhammond/pywin32/releases"},{"refsource":"MISC","name":"https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md","url":"https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0017/FEYE-2021-0017.md"},{"refsource":"MISC","name":"https://github.com/mhammond/pywin32/issues/1700","url":"https://github.com/mhammond/pywin32/issues/1700"},{"refsource":"MISC","name":"https://github.com/mhammond/pywin32/pull/1701","url":"https://github.com/mhammond/pywin32/pull/1701"}]}},"nvd":{"publishedDate":"2021-07-06 12:15:00","lastModifiedDate":"2021-09-14 14:40:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pywin32_project:pywin32:*:*:*:*:*:*:*:*","versionEndExcluding":"b301","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"32559","Ordinal":"207944","Title":"CVE-2021-32559","CVE":"CVE-2021-32559","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"32559","Ordinal":"1","NoteData":"An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"32559","Ordinal":"2","NoteData":"2021-07-06","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"32559","Ordinal":"3","NoteData":"2021-07-15","Type":"Other","Title":"Modified"}]}}}