CVE-2019-16228

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions py-lmdb version 0.97

Description An issue was discovered in the function mdb env open2 where a divide-by-zero error occurs if mdb env read header obtains a zero value for a certain size field. This issue arises when accessing a data.mdb file supplied by an attacker.

Recommendations For py-lmdb version 0.97, consider avoiding the use of mdb env open2 function when accessing untrusted data.mdb files until a patch is available. As a temporary workaround, restrict access to potentially malicious data.mdb files to minimize the risk of exploitation.

Exploit

Fix

Divide By Zero

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-369

Related Identifiers

ALT-PU-2022-2146

ALT-PU-2022-2549

CVE-2019-16228

GHSA-GGWQ-VRGP-6GV4

OPENSUSE-SU-2026:10430-1

PYSEC-2019-240

Affected Products

Alt Linux

Debian

Py-Lmdb

CVE-2019-16228

Weakness Enumeration

Related Identifiers

Affected Products

References · 19