Description
OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.
A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.
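The following C sketch is an added example of the bug class described above; it is not LMDB's or Red Hat's code. The names `read_line_checked`, `classify_bytes` and the `line_status` values are hypothetical, and the `buf[len - 1]` newline test is an assumed form of the unsigned offset calculation the description refers to. The sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_EOF, LINE_NO_NEWLINE, LINE_LEADING_NUL };

/* Hypothetical helper, not LMDB code: read one line with fgets() and
 * classify it without evaluating buf[len - 1] when len is 0.
 * cap must be at least 2. */
static enum line_status read_line_checked(FILE *f, char *buf, size_t cap,
                                          size_t *out_len)
{
    *out_len = 0;
    if (fgets(buf, (int)cap, f) == NULL)
        return LINE_EOF;

    /* fgets() stores NUL bytes from the input like any other byte, so
     * strlen() returns 0 when the first byte of the line is NUL. */
    size_t len = strlen(buf);

    /* The unsafe pattern is testing buf[len - 1] at this point: len is
     * unsigned, so 0 - 1 wraps and the read lands one byte before buf. */
    if (len == 0)
        return LINE_LEADING_NUL;

    *out_len = len;
    return buf[len - 1] == '\n' ? LINE_OK : LINE_NO_NEWLINE;
}

/* Feed constructed bytes through a temporary file and classify line 1.
 * Returns -1 if the temporary file cannot be created. */
static int classify_bytes(const void *data, size_t n)
{
    char buf[64];
    size_t len;
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fwrite(data, 1, n, f);
    rewind(f);
    int st = (int)read_line_checked(f, buf, sizeof buf, &len);
    fclose(f);
    return st;
}

int main(void)
{
    static const char bad[] = { '\0', 'a', 'b', 'c', '\n' }; /* constructed */
    printf("well-formed: %d\n", classify_bytes("key=1\n", 6));
    printf("leading NUL: %d\n", classify_bytes(bad, sizeof bad));
    return 0;
}
```

The guard only covers a NUL in the first position of a line; a NUL later in the line shortens `strlen()` and is reported as `LINE_NO_NEWLINE`.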
Statement
This vulnerability is classified as Moderate rather than Important because its impact and exploitability are limited in scope and consequence. The flaw results in a one-byte heap out-of-bounds read caused by an integer underflow in mdb_load, which is a local, administrative utility rather than a long-running network-exposed service. Exploitation requires local execution and the ability to supply a malformed LMDB input file, significantly reducing the attack surface. While the issue can reliably trigger a process crash and may disclose minimal adjacent heap data, it does not allow memory corruption, privilege escalation, or arbitrary code execution. The confidentiality impact is low and bounded, and the availability impact is confined to the mdb_load invocation itself, not to the OpenLDAP daemon or directory service at runtime.
Mitigation
To reduce the risk from this vulnerability, administrators should avoid processing untrusted or externally supplied LMDB database files with mdb_load and restrict its use to trusted, local users only.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | openldap | Fix deferred | | |
| Red Hat Enterprise Linux 6 | compat-openldap | Fix deferred | | |
| Red Hat Enterprise Linux 6 | openldap | Fix deferred | | |
| Red Hat Enterprise Linux 7 | compat-openldap | Fix deferred | | |
| Red Hat Enterprise Linux 7 | openldap | Fix deferred | | |
| Red Hat Enterprise Linux 8 | openldap | Fix deferred | | |
| Red Hat Enterprise Linux 9 | openldap | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | | |
Additional information
CVSS3: 6.8 Medium
Related vulnerabilities
OpenLDAP <= 2.6.10 LMDB mdb_load Heap Buffer Underflow in readline()