Hi all,

This CVE,

https://nvd.nist.gov/vuln/detail/CVE-2019-16224 

was raised against the py-lmdb library, who patched it here 
https://github.com/jnwatson/py-lmdb/blob/master/lib/py-lmdb/cve-2019-16224-validate-db-flags.patch
 (they bundle their own copy of the LMDB C library).

It looks like there’s no similar mitigation in the LMDB C library 
https://github.com/LMDB/lmdb/blob/mdb.master/libraries/liblmdb/mdb.c .

Have you looked at this one at all, any idea whether this CVE affects the LMDB 
library?

Thanks,

Alex Seaton

Reply via email to