CVE-2026-22185

Name
CVE-2026-22185
Description
OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.
NVD Severity
unknown

References

Type URI
technical-description https://seclists.org/fulldisclosure/2026/Jan/5
technical-description https://seclists.org/fulldisclosure/2026/Jan/8
product https://www.openldap.org/
third-party-advisory https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline
issue-tracking https://bugs.openldap.org/show_bug.cgi?id=10421

Match rules

CPE URI Source package Min version Max version
openldap >= 0.9.14 < 0.9.34

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
openldap edge-main 2.6.10-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openldap edge-main 2.6.8-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openldap edge-main 2.6.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openldap edge-main 2.4.57-r1 None possibly vulnerable
openldap edge-main 2.4.57-r0 None possibly vulnerable
openldap edge-main 2.4.56-r0 None possibly vulnerable
openldap edge-main 2.4.50-r0 None possibly vulnerable
openldap edge-main 2.4.48-r0 None possibly vulnerable
openldap edge-main 2.4.46-r0 None possibly vulnerable
openldap edge-main 2.4.44-r5 None possibly vulnerable
openldap 3.23-main 2.6.10-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openldap 3.22-main 2.6.8-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openldap 3.22-main 2.6.2-r0 None possibly vulnerable
openldap 3.22-main 2.4.57-r1 None possibly vulnerable
openldap 3.22-main 2.4.57-r0 None possibly vulnerable
openldap 3.22-main 2.4.56-r0 None possibly vulnerable
openldap 3.22-main 2.4.50-r0 None possibly vulnerable
openldap 3.22-main 2.4.48-r0 None possibly vulnerable
openldap 3.22-main 2.4.46-r0 None possibly vulnerable
openldap 3.22-main 2.4.44-r5 None possibly vulnerable
openldap 3.21-main 2.6.8-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openldap 3.21-main 2.6.2-r0 None possibly vulnerable
openldap 3.21-main 2.4.57-r1 None possibly vulnerable
openldap 3.21-main 2.4.57-r0 None possibly vulnerable
openldap 3.21-main 2.4.56-r0 None possibly vulnerable
openldap 3.21-main 2.4.50-r0 None possibly vulnerable
openldap 3.21-main 2.4.48-r0 None possibly vulnerable
openldap 3.21-main 2.4.46-r0 None possibly vulnerable
openldap 3.21-main 2.4.44-r5 None possibly vulnerable
openldap 3.20-main 2.6.8-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openldap 3.20-main 2.6.2-r0 None possibly vulnerable
openldap 3.20-main 2.4.57-r1 None possibly vulnerable
openldap 3.20-main 2.4.57-r0 None possibly vulnerable
openldap 3.20-main 2.4.56-r0 None possibly vulnerable
openldap 3.20-main 2.4.50-r0 None possibly vulnerable
openldap 3.20-main 2.4.48-r0 None possibly vulnerable
openldap 3.20-main 2.4.46-r0 None possibly vulnerable
openldap 3.20-main 2.4.44-r5 None possibly vulnerable
openldap 3.19-main 2.6.6-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
openldap 3.19-main 2.6.2-r0 None possibly vulnerable
openldap 3.19-main 2.4.57-r1 None possibly vulnerable
openldap 3.19-main 2.4.57-r0 None possibly vulnerable
openldap 3.19-main 2.4.56-r0 None possibly vulnerable
openldap 3.19-main 2.4.50-r0 None possibly vulnerable
openldap 3.19-main 2.4.48-r0 None possibly vulnerable
openldap 3.19-main 2.4.46-r0 None possibly vulnerable
openldap 3.19-main 2.4.44-r5 None possibly vulnerable