PT-2019-14589 · Lmdb+2 · Py-Lmdb+2

Publicado

2019-09-11

·

Atualizado

2026-03-25

·

CVE-2019-16227

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions py-lmdb version 0.97
Description An issue was discovered in py-lmdb where for certain values of mn flags, mdb cursor set triggers a memcpy with an invalid write operation within mdb xcursor init1. This issue occurs when accessing a data.mdb file supplied by an attacker.
Recommendations For py-lmdb version 0.97, consider restricting access to the mdb cursor set function until a patch is available, especially when handling data.mdb files from untrusted sources. As a temporary workaround, avoid using certain values of mn flags that trigger the invalid write operation within mdb xcursor init1.

Exploit

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2022-2146
ALT-PU-2022-2549
CVE-2019-16227
GHSA-PF3P-V9XP-MRVF
OPENSUSE-SU-2026:10430-1
PYSEC-2019-239

Produtos afetados

Alt Linux
Debian
Py-Lmdb