PT-2026-2159 · Openldap+2 · Openldap Lightning Memory-Mapped Database+2
Ron Edgerson · Published 2026-01-07 · Updated 2026-03-10
CVE-2026-22185
CVSS v4.0: 4.6 (Medium)
Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14
Description
The software contains a heap buffer underflow in the readline() function of mdb_load. Processing malformed input with an embedded NUL byte can cause an unsigned offset calculation to underflow, resulting in an out-of-bounds read of one byte before the allocated heap buffer. This can lead to a denial-of-service condition due to a crash.
Recommendations
Versions prior to 0.9.14 and commit 8e1fda8 should be updated.
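The failure mode in the description, as an added example that is not LMDB's source and not part of the original advisory: a simplified C model of a line reader that indexes buf[len - 1] after strlen(), shown beside a checked form. All function and enum names are hypothetical, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this models the bug class, not LMDB's code. */
enum line_state { LINE_COMPLETE, LINE_NEEDS_MORE, LINE_REJECT };

/* Flawed pattern, shown for contrast and never called here: when the first
 * byte is NUL, strlen() returns 0, len - 1 wraps around as an unsigned value,
 * and buf[len - 1] reads the byte just before the buffer. */
int ends_with_newline_unchecked(const char *buf)
{
    size_t len = strlen(buf);
    return buf[len - 1] == '\n';
}

/* Checked form: establish len > 0 before computing len - 1. */
enum line_state classify_line(const char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    size_t len = nul ? (size_t)(nul - buf) : cap;   /* bounded strlen */

    if (len == 0)
        return LINE_REJECT;       /* empty, or the input began with a NUL byte */
    if (buf[len - 1] == '\n')
        return LINE_COMPLETE;
    return LINE_NEEDS_MORE;       /* caller would grow the buffer and read on */
}

int main(void)
{
    /* Constructed samples: what fgets() leaves in memory for each input line.
     * The first models the input "\0abc\n" (embedded NUL as first byte). */
    static const char nul_first[16] = { '\0', 'a', 'b', 'c', '\n', '\0' };
    static const char normal[16]    = "key=value\n";
    static const char partial[16]   = "no newline yet";

    printf("nul_first=%d normal=%d partial=%d\n",
           classify_line(nul_first, sizeof nul_first),
           classify_line(normal, sizeof normal),
           classify_line(partial, sizeof partial));
    return 0;
}
```

Building the unchecked variant with AddressSanitizer (-fsanitize=address) and a heap-allocated buffer is a quick way to confirm whether a given build still performs the one-byte read before the allocation.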
Exploit
Fix
DoS
Integer Underflow
Out of bounds Read
Related Identifiers
Affected Products
Debian
Openldap Lightning Memory-Mapped Database
Red Os