CVE-2019-16226: LMDB invalid write
An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation.
References
- github.com/LMDB/lmdb/blob/mdb.master/libraries/liblmdb/mdb.c
- github.com/TeamSeri0us/pocs/tree/master/lmdb/lmdb%20memory%20corruption%20vuln
- github.com/advisories/GHSA-r8g9-w4f3-9crm
- github.com/jnwatson/py-lmdb
- github.com/jnwatson/py-lmdb/issues/210
- github.com/pypa/advisory-database/tree/main/vulns/lmdb/PYSEC-2019-238.yaml
- nvd.nist.gov/vuln/detail/CVE-2019-16226
- pypi.org/project/lmdb