VYPR
Critical severity · NVD Advisory · Published Sep 11, 2019 · Updated Aug 5, 2024

CVE-2019-16224

Description

In py-lmdb 0.97, an attacker-crafted data.mdb file can cause an invalid memcpy write via mdb_node_add, leading to a crash or potential memory corruption.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Overview

CVE-2019-16224 is a memory safety defect in py-lmdb version 0.97, a Python binding for the LMDB embedded database library. The issue arises in the mdb_node_add function, which does not correctly set up the destination pointer for a memcpy operation when certain values of md_flags are used. The result is an invalid write (out-of-bounds or misaligned) when a specially crafted LMDB data file is processed [1].

Exploitation

Prerequisites

Exploitation requires the attacker to supply a malicious data.mdb file. Any application using py-lmdb 0.97 that opens an untrusted LMDB file and triggers the node insertion path can be affected. No additional authentication is needed if the application processes foreign database files [1][2].

Impact

A successful invalid write can crash the Python interpreter (denial of service) or, in more severe cases, corrupt memory in a way that might allow arbitrary code execution. The root cause is an uninitialized or incorrectly computed destination for the memory copy, which leads to a write beyond the allocated buffer [1][2].

Mitigation

Status

The vulnerability is specific to py-lmdb 0.97. Users should upgrade to a later version (the project now supports Python >= 3.9 and has continued development) [4]. No workarounds other than avoiding untrusted .mdb files on the vulnerable version have been documented. The issue was reported independently, and the researchers made a proof-of-concept available as part of their disclosure [2].
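As an added example (not code from this advisory or from the py-lmdb project), a defensive gate that refuses to open an LMDB file from an untrusted source while the installed binding is in the affected range listed on this page (<= 0.97); the version parser, the function names and the use of lmdb.__version__ are assumptions.

```python
import re
from typing import Optional

# Affected range from the advisory table: PyPI package "lmdb" <= 0.97.
AFFECTED_MAX = (0, 97)


def parse_version(version: str) -> tuple:
    """Turn a version string such as '0.97' or '1.4.1' into a tuple of ints.

    Constructed, minimal parser: non-numeric suffixes (e.g. 'rc1') are
    dropped. It is not a substitute for the packaging module's PEP 440 logic.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_affected(version: str) -> bool:
    """True when the version is in the affected range.

    An empty/unknown version parses to () and compares as affected, so the
    gate fails closed rather than open.
    """
    return parse_version(version) <= AFFECTED_MAX


def installed_lmdb_version() -> str:
    """Return the installed py-lmdb version, or '' if the package is absent."""
    try:
        import lmdb  # lazy import so this module loads without py-lmdb present
    except ImportError:
        return ""
    return getattr(lmdb, "__version__", "")  # assumption: attribute name


def open_untrusted_environment(path: str, version: Optional[str] = None):
    """Open the LMDB environment at `path` only on a non-affected binding.

    `version` overrides auto-detection (useful for tests). Untrusted files are
    opened read-only because the advisory ties the bad write to the node
    insertion path; this narrows exposure but does not replace upgrading.
    """
    version = installed_lmdb_version() if version is None else version
    if is_affected(version):
        raise RuntimeError(
            f"py-lmdb {version or '<unknown>'} is in the CVE-2019-16224 "
            f"affected range; refusing to open untrusted file {path}"
        )
    import lmdb
    return lmdb.open(path, readonly=True, lock=False)
```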

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions   Patched versions
lmdb (PyPI)      <= 0.97

Affected products: 3

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 5

News mentions: 0

No linked articles in our index yet.