QwikSec

Security Database

CVE

CWE

Training

CVE-2026-22185

Published: Jan 7, 2026

Modified: May 25, 2026

PUBLISHED

Description

OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.

Vendor	Product	Versions
OpenLDAP Foundation	OpenLDAP	affected `0.9.14 - < 0.9.34`

Weaknesses (CWE)

References

https://seclists.org/fulldisclosure/2026/Jan/5

technical-description

exploit

https://seclists.org/fulldisclosure/2026/Jan/8

technical-description

exploit

https://www.openldap.org/

product

https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline

third-party-advisory

https://bugs.openldap.org/show_bug.cgi?id=10421

issue-tracking

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.