CVE-2019-16226

7.5 HIGH

📋 TL;DR

CVE-2019-16226 is a memory corruption vulnerability in py-lmdb 0.97. The function mdb_node_del, part of the LMDB C library bundled with the Python binding, performs a memmove with an invalid write range when it processes a malformed data.mdb file. Opening or reading such a file therefore produces an out-of-bounds write in the process that uses py-lmdb, which crashes the process and could potentially be turned into code execution. Only deployments that open data.mdb files from untrusted sources are affected; LMDB was never designed to tolerate hostile database files.

💻 Affected Systems

Products:
  • py-lmdb
Versions: 0.97 (the version the CVE record names)
Operating Systems: All platforms running py-lmdb (the bug is in the bundled C library, not in platform code)
Default Config Vulnerable: ⚠️ Yes
Notes: Only deployments that open data.mdb files from untrusted sources are exposed. The bug is triggered while reading the malicious database file, so no particular API call beyond opening and reading the environment is needed.

📦 What is this software?

py-lmdb (PyPI package name: lmdb) is the Python binding for LMDB, the Lightning Memory-Mapped Database. It ships its own copy of the LMDB C library, so C-level bugs in LMDB's page handling surface in Python applications that use it.
⚠️ Risk & Real-World Impact

🔴 Worst Case: Code execution with the privileges of the process that opened the database, if the invalid write can be controlled, potentially leading to full compromise of that host.

🟠 Likely Case: Application crash (segmentation fault) or denial of service from memory corruption while the malicious database file is being read.

🟢 If Mitigated: Limited impact if file source controls and integrity checks prevent untrusted data.mdb files from ever reaching the vulnerable library.

🌐 Internet-Facing: MEDIUM - Exploitation requires getting a malicious data.mdb file to the vulnerable application, which is possible where a file upload feature or API endpoint accepts database files.
🏢 Internal Only: LOW - Requires an attacker who already has internal access to supply malicious files, or who has compromised an internal system that produces the database files.

🎯 Exploit Status

Public PoC: ⚠️ Yes (crash file from the upstream issue)
Weaponized: Not reported
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the attacker to get a specially crafted data.mdb file opened by the vulnerable application. The public proof-of-concept demonstrates the memory corruption (a crash), not code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: py-lmdb 0.98 and later

Vendor Advisory (upstream issue tracker): https://github.com/jnwatson/py-lmdb/issues/169

Restart Required: Yes

Instructions:

1. Upgrade py-lmdb to version 0.98 or later (the PyPI package is named lmdb): pip install --upgrade lmdb
2. Restart any application that has py-lmdb loaded; the old shared library stays mapped until the process exits.
3. Verify the upgrade was successful (see How to Verify below).

🔧 Temporary Workarounds

Input validation for database files

all

Only open data.mdb files whose origin is known: verify an integrity hash or signature against an allowlist before the file is handed to py-lmdb, and reject files that fail a basic header sanity check. Note that a header check alone does not stop a file that has a valid header and malicious page contents; the integrity check is the control that actually enforces a trusted source.

Sandbox py-lmdb processing

linux

Run the py-lmdb operations in an isolated container or a dedicated low-privilege worker process, so that a crash or a successful exploit is confined. If the application only reads the database, mount the data directory read-only (-v /safe/data:/data:ro) and open the environment with readonly=True, lock=False.

docker run --read-only --cap-drop=ALL -v /safe/data:/data your-app

🧯 If You Can't Patch

  • Implement strict access controls so that untrusted data.mdb files cannot reach the vulnerable application (no user-supplied database files, no shared writable directories)
  • Monitor applications that use py-lmdb for crashes and segmentation faults while opening databases, and treat such a crash as a potential attack rather than a stability bug

🔍 How to Verify

Check if Vulnerable:

Check the py-lmdb version: python -c "import lmdb; print(lmdb.__version__)" - if the output is '0.97', the system is vulnerable.

Check Version:

python -c "import lmdb; print(lmdb.__version__)"

Verify Fix Applied:

After upgrading, confirm that the same command prints 0.98 or higher (compare version numbers numerically, not as strings, since "0.100" sorts before "0.98" as text), then exercise the application with known-good data.mdb files.
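The following is an added example, not code from py-lmdb or LMDB, that puts the two controls above into one script: a pre-open sanity check of the data.mdb meta pages plus a SHA-256 allowlist (the "input validation" workaround), and a numeric version gate for the "How to Verify" step. The LMDB constants (MDB_MAGIC 0xBEEFC0DE, data version 1, the P_META page flag) come from LMDB's mdb.c; the 16-byte page header offset assumes a 64-bit build, and the sample files are constructed in the script for offline use. The header check only catches grossly malformed files; the hash allowlist is what enforces a trusted source.

```python
"""Pre-open checks for an LMDB data.mdb file and a py-lmdb version gate (added example)."""
import hashlib
import re
import struct
import sys
from typing import Dict, List, Optional, Set

# Constants from LMDB's mdb.c (0.9.x series, as bundled by py-lmdb).
MDB_MAGIC = 0xBEEFC0DE        # MDB_meta.mm_magic
MDB_DATA_VERSION = 1          # MDB_meta.mm_version
P_META = 0x08                 # MDB_page.mp_flags bit marking a meta page
PAGEHDRSZ = 16                # offsetof(MDB_page, mp_ptrs) on a 64-bit build (assumption)
META_PAGES = 2                # LMDB keeps two meta pages at the start of the file


def parse_meta_page(buf: bytes, index: int, page_size: int = 4096) -> Dict[str, int]:
    """Decode the page header and the start of MDB_meta for meta page `index`."""
    off = index * page_size
    if len(buf) < off + PAGEHDRSZ + 8:
        raise ValueError(f"file too short for meta page {index}")
    # MDB_page on 64-bit: pgno (uint64), pad (uint16), flags (uint16), lower/upper (2 x uint16)
    pgno, _pad, flags, _lower, _upper = struct.unpack_from("<QHHHH", buf, off)
    # MDB_meta follows the page header: mm_magic (uint32), mm_version (uint32)
    magic, version = struct.unpack_from("<II", buf, off + PAGEHDRSZ)
    return {"pgno": pgno, "flags": flags, "magic": magic, "version": version}


def sha256_hex(buf: bytes) -> str:
    return hashlib.sha256(buf).hexdigest()


def validate_data_mdb(buf: bytes, allowed_sha256: Optional[Set[str]] = None) -> List[str]:
    """Return a list of problems; an empty list means the file may be handed to py-lmdb."""
    problems: List[str] = []
    for i in range(META_PAGES):
        try:
            meta = parse_meta_page(buf, i)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if meta["magic"] != MDB_MAGIC:
            problems.append(f"meta page {i}: bad magic 0x{meta['magic']:08x}")
        if meta["version"] != MDB_DATA_VERSION:
            problems.append(f"meta page {i}: unsupported data version {meta['version']}")
        if not meta["flags"] & P_META:
            problems.append(f"meta page {i}: P_META flag not set (flags=0x{meta['flags']:04x})")
        if meta["pgno"] != i:
            problems.append(f"meta page {i}: page number field is {meta['pgno']}")
    # The allowlist is the real control: a crafted file can carry a perfectly valid header.
    if allowed_sha256 is not None:
        digest = sha256_hex(buf)
        if digest not in allowed_sha256:
            problems.append(f"sha256 {digest[:16]}... not in allowlist")
    return problems


def is_fixed_version(version: str) -> bool:
    """True if a py-lmdb version string is 0.98 or later (numeric, not string, comparison)."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return (int(m.group(1)), int(m.group(2))) >= (0, 98)


def build_meta_page(index: int, page_size: int = 4096, magic: int = MDB_MAGIC,
                    version: int = MDB_DATA_VERSION, flags: int = P_META) -> bytes:
    """Constructed sample data for offline testing: a minimal meta page, not a real database."""
    hdr = struct.pack("<QHHHH", index, 0, flags, PAGEHDRSZ, page_size)
    hdr += struct.pack("<II", magic, version)
    return hdr.ljust(page_size, b"\0")


SAMPLE_GOOD = build_meta_page(0) + build_meta_page(1)                       # constructed
SAMPLE_BAD = build_meta_page(0, magic=0x41414141) + build_meta_page(1, flags=0)  # constructed

if __name__ == "__main__":
    # Usage: python check_mdb.py /path/to/data.mdb [sha256 ...]
    data = open(sys.argv[1], "rb").read()
    allow = set(sys.argv[2:]) or None
    for problem in validate_data_mdb(data, allow):
        print("REJECT:", problem)
    try:
        import lmdb  # only available where py-lmdb is installed
        print("py-lmdb", lmdb.__version__, "fixed" if is_fixed_version(lmdb.__version__) else "VULNERABLE")
    except ImportError:
        print("py-lmdb not installed in this interpreter")
```

Run the script against the data.mdb before the application opens it; any REJECT line means the file should be quarantined rather than passed to lmdb.open(). Keep the allowlist hashes with the deployment artifacts, not next to the database directory an attacker might control.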

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults or other crashes of the Python process while opening or reading an LMDB environment
  • Memory access errors (e.g. SIGSEGV, SIGBUS) recorded by the service manager for applications that use py-lmdb

Network Indicators:

  • Unusual file uploads to endpoints that process database files
  • Large or malformed data.mdb file transfers

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "memory corruption" OR "invalid write") AND process="python"
