CVE-2026-22185

EUVD-2026-1169

07.01.2026, 21:16

OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Ubuntu Releases

Ubuntu Product

Codename

openldap

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	not-affected
plucky	not-affected
questing	not-affected
trusty	not-affected
xenial	not-affected

lmdb

bionic	deferred
focal	deferred
jammy	deferred
noble	deferred
plucky	ignored
questing	deferred
trusty	not-affected
xenial	deferred

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://bugs.openldap.org/show_bug.cgi?id=10421

https://seclists.org/fulldisclosure/2026/Jan/5

https://seclists.org/fulldisclosure/2026/Jan/8

https://www.openldap.org/

https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline