py-lmdb Invalid write operation
Critical severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Sep 30, 2024
Description
Published by the National Vulnerability Database
Sep 11, 2019
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Apr 22, 2024
Last updated
Sep 30, 2024
An issue was discovered in py-lmdb 0.97. For certain values of
md_flags
,mdb_node_add
does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing adata.mdb
file supplied by an attacker.References