Home

Description

OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.

PUBLISHED Reserved 2026-01-06 | Published 2026-01-07 | Updated 2026-01-14 | Assigner VulnCheck




MEDIUM: 4.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-125 Out-of-bounds Read

CWE-191 Integer Underflow (Wrap or Wraparound)

Product status

Default status
unaffected

0.9.14 (semver) before 0.9.34
affected

Credits

Ron Edgerson finder

References

seclists.org/fulldisclosure/2026/Jan/5 technical-description exploit

seclists.org/fulldisclosure/2026/Jan/8 technical-description exploit

www.openldap.org/ product

www.vulncheck.com/...-load-heap-buffer-underflow-in-readline third-party-advisory

bugs.openldap.org/show_bug.cgi?id=10421 issue-tracking patch

cve.org (CVE-2026-22185)

nvd.nist.gov (CVE-2026-22185)

Download JSON