VYPR
High severity · NVD Advisory · Published Sep 11, 2019 · Updated Aug 5, 2024

CVE-2019-16228

Description

py-lmdb 0.97 has a divide-by-zero bug in mdb_env_open2 when processing a crafted data.mdb file, leading to a crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Analysis

CVE-2019-16228 describes a divide-by-zero error in py-lmdb, the Python binding for LMDB (Lightning Memory-Mapped Database). The issue resides in the function mdb_env_open2, which is called while opening an LMDB environment. The error occurs when mdb_env_read_header reads a zero value for a certain size field from the database file. This flaw was discovered in py-lmdb version 0.97 and reported by researchers [1].

Exploitation

The vulnerability is triggered by providing a malformed data.mdb file as input. An attacker must supply a crafted database file that contains a zero value for a specific size field. When py-lmdb attempts to open this malicious file, the mdb_env_open2 function performs a division operation using this zero value, resulting in a floating-point exception (FPE) or a divide-by-zero error. No authentication is required beyond the ability to supply the file, meaning any user or application that loads an untrusted LMDB database is vulnerable [2].

Impact

Successful exploitation leads to a program crash or denial-of-service (DoS). The divide-by-zero error causes the process to abort, interrupting any functionality dependent on py-lmdb. While the vulnerability does not directly allow arbitrary code execution, it can be used to reliably disable services or applications that process untrusted LMDB files. The issue has been confirmed in py-lmdb 0.97, and a proof-of-concept (PoC) trigger was published by the research team [2].

Mitigation

As of the disclosure date (September 2019), the vulnerability was present in py-lmdb 0.97. Users should upgrade to a patched version if available. The official py-lmdb repository maintained by jnwatson has since evolved, with later versions dropping support for Python 2.7 and focusing on Python 3.9+ [4]. The Python Packaging Advisory Database lists this issue as PYSEC-2019-240, and it is recommended to follow the maintainer's updates to obtain the fix [3].
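
One way to contain the crash described above when an application must open LMDB files from untrusted sources is to do the first open in a throwaway child process and treat a signal-terminated child as a rejection. This is an added example, not code from py-lmdb or the advisory; `probe_untrusted` and `PROBE` are hypothetical names, and it assumes a POSIX host with the `lmdb` package installed.

```python
import signal
import subprocess
import sys

# Hypothetical child program: opens the file read-only in a separate interpreter.
# Assumes the `lmdb` package is installed in that interpreter.
PROBE = (
    "import sys, lmdb\n"
    "env = lmdb.open(sys.argv[1], subdir=False, readonly=True, lock=False)\n"
    "env.close()\n"
)


def probe_untrusted(path, probe_source=PROBE, timeout=10):
    """Open `path` in a child process and classify the outcome.

    Returns ("ok", None); ("rejected", detail) when the child exited with a
    Python-level error; ("crashed", signal_name) when the child was killed by
    a signal such as SIGFPE; or ("timeout", None).
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", probe_source, path],
            stdin=subprocess.DEVNULL,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.PIPE,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return ("timeout", None)
    if proc.returncode == 0:
        return ("ok", None)
    if proc.returncode < 0:
        # POSIX: a negative return code is the number of the terminating signal.
        return ("crashed", signal.Signals(-proc.returncode).name)
    lines = proc.stderr.decode(errors="replace").strip().splitlines()
    return ("rejected", lines[-1] if lines else "")


if __name__ == "__main__":
    status, detail = probe_untrusted(sys.argv[1])
    print(status, detail)
    sys.exit(0 if status == "ok" else 1)
```

This contains the denial of service but does not fix the bug, so the parent process should not open a file whose probe returned anything other than `ok`.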

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
lmdb (PyPI) | <= 0.97 | (none listed)

Affected products

3

Patches

0

No patches discovered yet.

References

5
