CVE-2026-22185 — Out-of-bounds Read in Foundation Openldap

CWE-125 — Out-of-bounds Read CWE-191 — Integer Underflow (Wrap or Wraparound)7 documents7 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 94.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Foundation Openldap Debian Lmdb Debian Openldap +1 more

Timeline

PublishedJan 7

Latest updateJan 13

Description

OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages4 packages

▶CVEListV5openldap_foundation/openldap0.9.14 — 0.9.34

▶debiandebian/lmdb

▶debiandebian/openldap

▶msrcmsrc/azl3_openldap_2.6.7-2_on_azure_linux_3.0

🔴Vulnerability Details

OSV

CVE-2026-22185: OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0↗2026-01-07

▶

GHSA

GHSA-gcc9-wqf3-69qj: OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load contains a heap buffer underflow vulnerability in the readline() function↗2026-01-07

▶

📋Vendor Advisories

Microsoft

OpenLDAP <= 2.6.10 LMDB mdb_load Heap Buffer Underflow in readline()↗2026-01-13

▶

Red Hat

OpenLDAP: OpenLDAP LMDB: Denial of Service and Information Disclosure via Heap Buffer Underflow↗2026-01-07

▶

Debian

CVE-2026-22185: lmdb - OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0....↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-22185 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶