DEBIAN-CVE-2026-22185

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-22185

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-22185.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-22185

Upstream

CVE-2026-22185

Published

2026-01-07T21:16:01.733Z

Modified

2026-01-13T11:07:32.788025Z

Severity

4.6 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdbload. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdbload to crash, leading to a limited denial-of-service condition.

References

https://security-tracker.debian.org/tracker/CVE-2026-22185

Affected packages

Debian:11

lmdb

Package

Name: lmdb
Purl: pkg:deb/debian/lmdb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.24-1

0.9.31-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-22185.json"

openldap

Package

Name: openldap
Purl: pkg:deb/debian/openldap?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.57+dfsg-3

2.4.57+dfsg-3+deb11u1~bpo10+1

2.4.57+dfsg-3+deb11u1

2.4.59+dfsg-1~bpo11+1

2.4.59+dfsg-1

2.5.4+dfsg-1~exp1

2.5.5+dfsg-1~exp1

2.5.6+dfsg-1~exp1

2.5.7+dfsg-1~exp1

2.5.8+dfsg-1~exp1

2.5.11+dfsg-1~exp1

2.5.11+dfsg-1

2.5.12+dfsg-1

2.5.12+dfsg-2

2.5.13+dfsg-1

2.5.13+dfsg-2~bpo11+1

2.5.13+dfsg-2

2.5.13+dfsg-3

2.5.13+dfsg-4

2.5.13+dfsg-5

2.5.13+dfsg-5+loong64

2.5.16+dfsg-1

2.5.16+dfsg-2

2.5.17+dfsg-1

2.5.18+dfsg-1

2.5.18+dfsg-2

2.5.18+dfsg-3

2.5.19+dfsg-1

2.6.2+dfsg-1~exp1

2.6.2+dfsg-1~exp2

2.6.3+dfsg-1~exp1

2.6.4+dfsg-1~exp1

2.6.5+dfsg-1~exp1

2.6.6+dfsg-1~exp1

2.6.6+dfsg-1~exp2

2.6.7+dfsg-1~exp1

2.6.8+dfsg-1~exp1

2.6.8+dfsg-1~exp2

2.6.8+dfsg-1~exp3

2.6.8+dfsg-1~exp4

2.6.9+dfsg-1~exp1

2.6.9+dfsg-1~exp2

2.6.9+dfsg-1

2.6.9+dfsg-2

2.6.10+dfsg-1

1:1.*

1:1.2.12-1

2:1.*

2:1.2.12.1-1

2:1.2.12.1-1.0.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-22185.json"

Debian:12

lmdb

Package

Name: lmdb
Purl: pkg:deb/debian/lmdb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.24-1

0.9.31-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-22185.json"

openldap

Package

Name: openldap
Purl: pkg:deb/debian/openldap?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.5.13+dfsg-5

2.5.13+dfsg-5+loong64

2.5.16+dfsg-1

2.5.16+dfsg-2

2.5.17+dfsg-1

2.5.18+dfsg-1

2.5.18+dfsg-2

2.5.18+dfsg-3

2.5.19+dfsg-1

2.6.2+dfsg-1~exp1

2.6.2+dfsg-1~exp2

2.6.3+dfsg-1~exp1

2.6.4+dfsg-1~exp1

2.6.5+dfsg-1~exp1

2.6.6+dfsg-1~exp1

2.6.6+dfsg-1~exp2

2.6.7+dfsg-1~exp1

2.6.8+dfsg-1~exp1

2.6.8+dfsg-1~exp2

2.6.8+dfsg-1~exp3

2.6.8+dfsg-1~exp4

2.6.9+dfsg-1~exp1

2.6.9+dfsg-1~exp2

2.6.9+dfsg-1

2.6.9+dfsg-2

2.6.10+dfsg-1

1:1.*

1:1.2.12-1

2:1.*

2:1.2.12.1-1

2:1.2.12.1-1.0.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-22185.json"

Debian:13

lmdb

Package

Name: lmdb
Purl: pkg:deb/debian/lmdb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.31-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-22185.json"

openldap

Package

Name: openldap
Purl: pkg:deb/debian/openldap?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6.10+dfsg-1

1:1.*

1:1.2.12-1

2:1.*

2:1.2.12.1-1

2:1.2.12.1-1.0.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-22185.json"

Debian:14

lmdb

Package

Name: lmdb
Purl: pkg:deb/debian/lmdb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.31-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-22185.json"

openldap

Package

Name: openldap
Purl: pkg:deb/debian/openldap?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6.10+dfsg-1

1:1.*

1:1.2.12-1

2:1.*

2:1.2.12.1-1

2:1.2.12.1-1.0.1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-22185.json"