CVE-2019-16227

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-16227

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16227.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-16227

Aliases

Downstream

DEBIAN-CVE-2019-16227

UBUNTU-CVE-2019-16227

Published

2019-09-11T15:15:11.513Z

Modified

2025-11-20T10:58:19.244992Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in py-lmdb 0.97. For certain values of mnflags, mdbcursorset triggers a memcpy with an invalid write operation within mdbxcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

References

https://github.com/TeamSeri0us/pocs/tree/master/lmdb/lmdb%20memcpy%20illegal%20dst

Affected packages

Git / github.com/jnwatson/py-lmdb

Affected ranges

Type: GIT
Repo: https://github.com/jnwatson/py-lmdb
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2765beed9c72816d6ff4aa42bb25aa293a4c915e

Affected versions

Other

last-cython-version

py-lmdb_0.*

py-lmdb_0.1

py-lmdb_0.2

py-lmdb_0.3

py-lmdb_0.4

py-lmdb_0.5

py-lmdb_0.51

py-lmdb_0.52

py-lmdb_0.53

py-lmdb_0.54

py-lmdb_0.56

py-lmdb_0.57

py-lmdb_0.58

py-lmdb_0.59

py-lmdb_0.60

py-lmdb_0.61

py-lmdb_0.62

py-lmdb_0.63

py-lmdb_0.64

py-lmdb_0.65

py-lmdb_0.66

py-lmdb_0.67

py-lmdb_0.68

py-lmdb_0.69

py-lmdb_0.70

py-lmdb_0.71

py-lmdb_0.72

py-lmdb_0.73

py-lmdb_0.74

py-lmdb_0.75

py-lmdb_0.76

py-lmdb_0.77

py-lmdb_0.78

py-lmdb_0.79

py-lmdb_0.80

py-lmdb_0.81

py-lmdb_0.82

py-lmdb_0.83

py-lmdb_0.84

py-lmdb_0.85

py-lmdb_0.86

py-lmdb_0.87

py-lmdb_0.88

py-lmdb_0.89

py-lmdb_0.91

py-lmdb_0.92

py-lmdb_0.93

py-lmdb_0.94

py-lmdb_0.95

py-lmdb_0.96

py-lmdb_0.97

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16227.json"