CVE-2026-22185

Published: January 9, 2026
Last modified: March 4, 2026

Description

OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load contains a heap buffer underflow vulnerability in the readline() function. When processing malformed input, an unsigned offset calculation can underflow a heap pointer, resulting in an out-of-bounds read of one byte before the allocated heap buffer. This may allow a local attacker to cause a denial of service and potentially disclose limited heap memory contents.

Notes

The CVE is fixed upstream, even though its validity is still doubtful.

Status

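Product         | Release | Package  | Status
Alpaquita Linux | 23 LTS  | lmdb     | Fixed (0.9.29-r3)
Alpaquita Linux | 23 LTS  | openldap | Fixed (2.6.3-r8)
Alpaquita Linux | 25 LTS  | lmdb     | Fixed (0.9.33-r1)
Alpaquita Linux | 25 LTS  | openldap | Fixed (2.6.8-r2)
Alpaquita Linux | Stream  | lmdb     | Fixed (0.9.33-r1)
Alpaquita Linux | Stream  | openldap | Fixed (2.6.10-r1)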
