PT-2019-6373 · Lmdb+2 · Py-Lmdb+2

Published: 2019-09-11 · Updated: 2026-03-25 · CVE-2019-16226

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

py-lmdb version 0.97

Description

The issue is related to the mdb_node_del function in the py-lmdb module, which does not properly validate a memmove operation when encountering an unexpected node->mn_hi value. This can lead to an invalid write operation, potentially causing a buffer overflow in memory when processing a data.mdb file. The exploitation of this issue could allow a remote attacker to cause a denial of service.

Recommendations

For py-lmdb version 0.97, as a temporary workaround, consider disabling the mdb_node_del function until a patch is available. Restrict access to the data.mdb file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2146
ALT-PU-2022-2549
BDU:2023-04195
CVE-2019-16226
GHSA-R8G9-W4F3-9CRM
OPENSUSE-SU-2026:10430-1
PYSEC-2019-238

Affected Products

Alt Linux
Debian
Py-Lmdb