CVE-2021-32559
Description
An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.191
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Duo Security Authentication Proxy 6.3.0 | Windows |
| Multiple vulnerabilities are fixed in Duo Security Authentication Proxy (6.2.0) | Windows |
| Multiple vulnerabilities are fixed in Duo Security Authentication Proxy (6.1.0) | Windows |
| Multiple vulnerabilities are fixed in Duo Security Authentication Proxy (6.3.0) | Windows |
| Multiple vulnerabilities are fixed in Duo Security Authentication Proxy (6.0.2) | Windows |
| Multiple vulnerabilities are fixed in Duo Security Authentication Proxy (6.0.1) | Windows |
| Vulnerabilities CVE-2021-32559 are fixed in Python-pywin32 301 | Windows |
| Vulnerabilities CVE-2021-32559 are fixed in Python-pywin32 for linux 301 | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-336032 | Duo Security Authentication Proxy (6.3.0) |
| PATCH-338054 | Duo Security Authentication Proxy (6.4.0) |
| PATCH-338227 | Duo Security Authentication Proxy (6.4.1) |
| PATCH-342393 | Duo Security Authentication Proxy (6.4.2) |
| PATCH-347413 | Duo Security Authentication Proxy (6.5.0) |