CVE-2021-32559: Integer overflow in pywin32

CVSS Score (v3.1): 6.5

Basic Information

EPSS Score: 0.41477%
Published: 8/9/2021
Updated: 10/25/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Package Name: pywin32
Ecosystem: pip
Vulnerable Versions: < 301
First Patched Version: 301

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from improper size calculation in ACL management. The pull request #1701 specifically modifies PyACL code to add overflow checks (e.g., validating 'required_size' doesn't exceed 65535 or wrap around). The issue description explicitly mentions PyACL resizing logic, and the CWE-190 classification confirms this is an integer overflow scenario. The affected component aligns with the PyACL class's responsibility for access control list operations.
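The size check described above, as an added example that models the logic rather than reproducing pywin32's PyACL code: the Windows ACL header stores its total size in a 16-bit AclSize field, so the size needed after appending an ACE has to be computed in a wider type, guarded against wrap-around, and rejected above 65535 bytes. Function and constant names, and the sample sizes, are hypothetical.

```c
/* Added example, not pywin32's own code: models the ACL-resize check.
 * ACL_MAX_SIZE is the limit of the 16-bit AclSize header field. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ACL_MAX_SIZE 65535u

/* Unchecked computation: the sum is stored straight into a 16-bit value,
 * so an ACL that has grown past 65535 bytes silently appears small. */
uint16_t required_size_unchecked(uint16_t acl_size, size_t ace_size)
{
    return (uint16_t)(acl_size + ace_size);   /* truncates on overflow */
}

/* Hardened computation: returns the new size, or -1 when it cannot be
 * represented (either the addition would wrap or the result exceeds the
 * 16-bit AclSize field). The caller must refuse to append on -1. */
long required_size_checked(uint16_t acl_size, size_t ace_size)
{
    /* Guard the addition itself against wrap-around in size_t. */
    if (ace_size > SIZE_MAX - acl_size)
        return -1;
    size_t required = (size_t)acl_size + ace_size;
    /* Guard the 16-bit AclSize field. */
    if (required > ACL_MAX_SIZE)
        return -1;
    return (long)required;
}

int main(void)
{
    /* Constructed input: a 65000-byte ACL plus a 1000-byte ACE (66000 total). */
    printf("unchecked size: %u\n", required_size_unchecked(65000, 1000)); /* 464 */
    printf("checked size:   %ld\n", required_size_checked(65000, 1000)); /* -1 */
    printf("checked size:   %ld\n", required_size_checked(100, 36));     /* 136 */
    return 0;
}
```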


WAF Protection Rules

WAF Rule

An integer overflow exists in pywin32 prior to version 301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability
