CVE Vulnerabilities

CVE-2019-16228

Divide By Zero

Published: Sep 11, 2019 | Modified: Sep 14, 2020
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

Weakness

The product divides a value by zero.

Affected Software

Name Vendor Start Version End Version
Py-lmdb Py-lmdb_project * 0.97 (including)
Py-lmdb Ubuntu bionic *
Py-lmdb Ubuntu disco *
Py-lmdb Ubuntu eoan *
Py-lmdb Ubuntu groovy *
Py-lmdb Ubuntu hirsute *
Py-lmdb Ubuntu impish *
Py-lmdb Ubuntu kinetic *
Py-lmdb Ubuntu lunar *
Py-lmdb Ubuntu mantic *
Py-lmdb Ubuntu trusty *
Py-lmdb Ubuntu xenial *

References