CVE-2019-16227

CRITICAL

py-lmdb <0.97 - Memory Corruption

Title source: llm

Description

An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/TeamSeri0us/pocs/tree/master/lmdb/lmdb%20memcpy%20illegal%20dst

View Exploit ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0040

EPSS Percentile 60.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (2)

py-lmdb_project/py-lmdb < 0.97

pypi/lmdb 0PyPI

Published Sep 11, 2019

Tracked Since Feb 18, 2026