CVE-2019-16227

9.8 CRITICAL

📋 TL;DR

CVE-2019-16227 is a critical memory corruption vulnerability in py-lmdb 0.97, the Python binding for LMDB. When the library opens a crafted data.mdb file, the LMDB C code bundled with py-lmdb performs an invalid write via memcpy. The result is a crash (denial of service) and, in the worst case, arbitrary code execution in the process that opened the file. Any application that uses a vulnerable py-lmdb to open LMDB database files it did not create itself is affected; applications that only open their own local databases are exposed only if an attacker can already write to those files.

💻 Affected Systems

Products:
  • py-lmdb
Versions: 0.97 is the version named in the CVE record (the release that was tested)
Operating Systems: All platforms where py-lmdb is used (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: The fix guidance on this page is 0.98 or later; nothing here establishes that releases before 0.97 are unaffected, so treat any version below 0.98 as unpatched. The bug is reached only when the application opens an attacker-controlled data.mdb file. LMDB environments are directories (data.mdb plus lock.mdb) that the library memory-maps, so the attacker has to control what the application opens, not merely a file the application stores.

📦 What is this software?

py-lmdb is the Python binding for LMDB (Lightning Memory-Mapped Database), the memory-mapped key-value store from the OpenLDAP project. The binding ships the LMDB C source and compiles it into its own extension module, so LMDB's database file parsing runs inside the Python process, with that process's privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the application process that opened the malicious database file, potentially leading to complete system compromise.

🟠 Likely Case: Application crash (denial of service) or memory corruption leading to unpredictable behavior.

🟢 If Mitigated: Limited impact if the application runs with minimal privileges and opens only trusted database files.

🌐 Internet-Facing: HIGH - If the application accepts LMDB environments from external sources (e.g., a file upload that is later opened with py-lmdb), exploitation is straightforward: the attacker supplies the file and waits for the application to open it.
🏢 Internal Only: MEDIUM - Risk exists if internal users can place or replace database files that the application opens, but the attack surface is more limited.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept input (a crafted data.mdb that triggers the invalid write) is publicly available. Exploitation requires no authentication against the application itself; the attacker only has to get the vulnerable application to open the malicious file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: py-lmdb 0.98 and later

Vendor Advisory: https://github.com/jnwatson/py-lmdb/issues/167

Restart Required: Yes

Instructions:

1. Upgrade py-lmdb to version 0.98 or later with pip: 'pip install --upgrade lmdb' (the PyPI distribution and the import name are both 'lmdb').
2. Restart every application that uses py-lmdb so the patched extension module is loaded; a running process keeps the old code mapped until it restarts.

🔧 Temporary Workarounds

Input validation for LMDB files (all platforms)

Implement strict validation so that only trusted, known-good data.mdb files are opened by the application, for example by allow-listing file hashes. Checking that a file carries a valid LMDB header is not enough on its own: a crafted file that reaches the faulty memcpy still parses as a well-formed LMDB file up to that point.

Sandboxing (all platforms)

Run the application in a sandboxed environment with limited privileges (a dedicated user, container or seccomp/AppArmor confinement) so that a successful exploit is contained, and open untrusted environments in a separate worker process so that a crash does not take down the main service.

🧯 If You Can't Patch

  • Restrict file uploads or processing of external LMDB files to trusted sources only.
  • Implement application-level monitoring for crashes or abnormal behavior related to database file processing.
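The allow-list gate described under Temporary Workarounds and the "trusted sources only" rule above can be enforced in code. The following is an added example written for this advisory, not code from py-lmdb or from the linked issue. It assumes a little-endian host, that the deployer maintains a set of SHA-256 digests of known-good data.mdb files, and that `lmdb.open` is only reached after the gate passes; the LMDB page it writes to disk is constructed inside the script and is not a real database.

```python
"""Allow-list gate for LMDB data files before py-lmdb opens them."""
import hashlib
import os
import struct
import tempfile

# Constants from liblmdb's on-disk format: the meta page carries a magic
# stamp and a format version immediately after the page header.
MDB_MAGIC = 0xBEEFC0DE
MDB_DATA_VERSION = 1
PAGE_HDR_SIZES = (12, 16)   # offsetof(MDB_page, mp_ptrs) on 32-bit / 64-bit
P_META = 0x08               # mp_flags bit set on the two meta pages


class UntrustedDatabase(Exception):
    """The file failed the gate and must not be handed to lmdb.open()."""


def looks_like_lmdb(header: bytes) -> bool:
    """Structural check on page 0: meta flag, magic and version present.

    Assumes a little-endian host. This rejects files that are not LMDB at
    all; a fuzzed file that triggers CVE-2019-16227 still has a valid
    header, so the allow-list below is the control that matters.
    """
    for hdr in PAGE_HDR_SIZES:
        if len(header) < hdr + 8:
            continue
        flags = struct.unpack_from("<H", header, hdr - 6)[0]   # mp_flags
        magic, version = struct.unpack_from("<II", header, hdr)
        if flags & P_META and magic == MDB_MAGIC and version == MDB_DATA_VERSION:
            return True
    return False


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def validate_data_mdb(path: str, allowed_sha256: set) -> str:
    """Return the digest if `path` is an allow-listed LMDB file, else raise."""
    with open(path, "rb") as f:
        header = f.read(max(PAGE_HDR_SIZES) + 8)
    if not looks_like_lmdb(header):
        raise UntrustedDatabase(f"{path}: not an LMDB data file")
    digest = sha256_file(path)
    if digest not in allowed_sha256:
        raise UntrustedDatabase(f"{path}: sha256 {digest} not allow-listed")
    return digest


def open_trusted_env(env_dir: str, allowed_sha256: set):
    """Gate the file, then open the environment read-only.

    Only call this on a directory the untrusted party cannot write to
    (copy an upload into a private directory first); otherwise the file
    could be swapped between the hash check and the open.
    """
    validate_data_mdb(os.path.join(env_dir, "data.mdb"), allowed_sha256)
    import lmdb  # imported here so the gate itself runs without py-lmdb
    return lmdb.open(env_dir, readonly=True, lock=False)


def build_fake_meta_page(page_size: int = 4096) -> bytes:
    """Constructed sample: page 0 in 64-bit layout with a valid meta header."""
    page = bytearray(page_size)
    # pgno=0, pad=0, flags=P_META, pb_lower=0, pb_upper=0 (16-byte header)
    struct.pack_into("<QHHHH", page, 0, 0, 0, P_META, 0, 0)
    struct.pack_into("<II", page, 16, MDB_MAGIC, MDB_DATA_VERSION)
    return bytes(page)


def demo() -> dict:
    """Run the gate over a constructed good file and a junk file."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "data.mdb")
        with open(good, "wb") as f:
            f.write(build_fake_meta_page())
        allowed = {sha256_file(good)}
        out["good_passes"] = validate_data_mdb(good, allowed) in allowed
        try:                                   # same bytes, not allow-listed
            validate_data_mdb(good, set())
            out["unlisted_rejected"] = False
        except UntrustedDatabase:
            out["unlisted_rejected"] = True
        junk = os.path.join(d, "junk.mdb")
        with open(junk, "wb") as f:
            f.write(b"not an lmdb file" * 256)
        try:
            validate_data_mdb(junk, allowed)
            out["junk_rejected"] = False
        except UntrustedDatabase:
            out["junk_rejected"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

The header check is deliberately cheap and only filters obvious garbage; the decision that protects against this CVE is the hash allow-list, which is why `open_trusted_env` refuses to import `lmdb` until that check has passed and then opens the environment read-only.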

🔍 How to Verify

Check if Vulnerable:

Check the installed py-lmdb version: 'pip show lmdb' or 'python -c "import lmdb; print(lmdb.__version__)"'. Version 0.97 is vulnerable; treat anything below the 0.98 fix version as unpatched. Run the check with the same interpreter and virtual environment the application uses, since a system-wide 'pip' may report a different copy of the package.

Check Version:

python -c "import lmdb; print(lmdb.__version__)"

Verify Fix Applied:

After upgrading, verify the version is 0.98 or higher using the same commands.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or segmentation faults in Python processes while opening or reading LMDB databases; on Linux the kernel logs these as 'segfault at ... error N in <object>', and an error code with the write bit set (error 6 or 7 on x86) matches the invalid write this CVE causes
  • Unexpected memory access errors in application logs

Network Indicators:

  • Unusual uploads of LMDB files (data.mdb, or whole environment directories) to endpoints that later open them; note that the .mdb extension is also used by Microsoft Access, so match on content rather than extension alone

SIEM Query:

Example: 'event_type:crash AND process_name:*python* AND (error_message:*memcpy* OR error_message:*segmentation fault*)'. The parentheses matter: without them the OR binds to the whole expression and the query matches every segmentation fault on the host, regardless of process.
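The same detection logic applied to raw kernel log lines rather than a SIEM index, as an added example for this advisory (not tooling from py-lmdb or any SIEM vendor). The log lines are constructed; the script assumes the stock Linux kernel segfault message format on x86, where the number after "error" is the page-fault error code, and assumes that py-lmdb's C extension (the `lmdb/cpython` module) appears in that message under an object name beginning with `cpython`. It keys on the write bit of the error code so that only user-mode write faults, the class this CVE produces, are flagged.

```python
"""Flag write-fault segfaults in Python processes from kernel log lines."""
import re

# Stock Linux kernel segfault message (assumed format):
#   <comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <code> in <object>[<base>+<size>]
SEGFAULT_RE = re.compile(
    r"(?P<comm>[\w.\-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>[^\[\s]+)\[[0-9a-f]+\+[0-9a-f]+\]"
)
# x86 page-fault error code bits (what the kernel prints after "error")
PF_WRITE = 0x2   # bit 1: the faulting access was a write
PF_USER = 0x4    # bit 2: the fault happened in user mode

# Assumption: py-lmdb's extension (lmdb/cpython.*.so) is reported under this name
SUSPECT_OBJECTS = ("cpython",)


def parse_segfault(line: str):
    """Return the fields of a kernel segfault line, or None for other lines."""
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    ev["err"] = int(ev["err"])
    return ev


def is_suspect(ev: dict, suspect_objects=SUSPECT_OBJECTS) -> bool:
    """Python process, user-mode write fault, inside a suspect shared object.

    A read fault (error 4) or a fault in another library is still worth
    logging, but only this combination matches an invalid write via memcpy
    in the LMDB extension.
    """
    return bool(
        ev["comm"].startswith("python")
        and ev["err"] & PF_USER
        and ev["err"] & PF_WRITE
        and ev["obj"].startswith(suspect_objects)
    )


def scan(lines):
    """Parse every line and return the events worth alerting on."""
    hits = []
    for line in lines:
        ev = parse_segfault(line)
        if ev and is_suspect(ev):
            hits.append(ev)
    return hits


# Constructed sample log: one matching fault, one read fault in libc, one
# write fault in a non-Python process, one unrelated line.
SAMPLE_LOG = """\
Sep 10 12:00:01 app01 kernel: python3[4321]: segfault at 7f0a1c000010 ip 00007f0a2b3c4d5e sp 00007ffd0a1b2c30 error 6 in cpython.cpython-38-x86_64-linux-gnu.so[7f0a2b3b0000+20000]
Sep 10 12:00:05 app01 kernel: python3[4330]: segfault at 0 ip 00007f9c11223344 sp 00007ffd11112222 error 4 in libc-2.31.so[7f9c11100000+178000]
Sep 10 12:00:09 app01 kernel: nginx[880]: segfault at 7f11aa000000 ip 00007f11bb000000 sp 00007ffdbbbb0000 error 6 in libssl.so.1.1[7f11ba000000+60000]
Sep 10 12:00:12 app01 sshd[900]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2
"""

if __name__ == "__main__":
    for ev in scan(SAMPLE_LOG.splitlines()):
        print(f"ALERT pid={ev['pid']} comm={ev['comm']} err={ev['err']} obj={ev['obj']}")
```

Feed it `journalctl -k` or `/var/log/kern.log` output; only the first sample line is reported, because the second is a read fault and the third is not a Python process. Widen `SUSPECT_OBJECTS` if the application links LMDB through a differently named module.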

🔗 References

  • Vendor advisory (py-lmdb issue tracker): https://github.com/jnwatson/py-lmdb/issues/167
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2019-16227