Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yOGc5LXc0ZjMtOWNybc4AAiBx
LMDB invalid write
An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yOGc5LXc0ZjMtOWNybc4AAiBx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-r8g9-w4f3-9crm, CVE-2019-16226
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-16226
- https://github.com/TeamSeri0us/pocs/tree/master/lmdb/lmdb%20memory%20corruption%20vuln
- https://github.com/jnwatson/py-lmdb/issues/210
- https://github.com/LMDB/lmdb/blob/mdb.master/libraries/liblmdb/mdb.c#L8443-L8498
- https://github.com/advisories/GHSA-r8g9-w4f3-9crm
Blast Radius: 26.2
Affected Packages
pypi:lmdb
Dependent packages: 142
Dependent repositories: 3,103
Downloads: 1,754,883 last month
Affected Version Ranges: <= 0.97
No known fixed version
All affected versions: