CVE-2024-4340
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Passing heavily nested input (a deeply nested list in the SQL text) to sqlparse.parse() in sqlparse versions before 0.5.0 makes the parser's recursive grouping raise RecursionError, i.e. a stack-exhaustion denial of service. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects that any unauthenticated party who can get SQL text into a parsing call path can trigger it, with no effect on confidentiality or integrity.
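The practical mitigation besides upgrading is to bound the nesting depth of untrusted SQL before it reaches the parser, and to treat a RecursionError from the parser as a rejected input rather than an unhandled crash. The following is an added example, not code from sqlparse or from any of the referenced advisories; the names `max_nesting_depth`, `safe_parse`, `SQLInputRejected`, the default limit of 64 and the injectable `parser` parameter are this example's own choices. The depth scan skips parentheses inside quoted strings and comments so that legitimate literals are not miscounted.

```python
"""Pre-parse nesting guard for untrusted SQL handed to sqlparse.parse().

Added example (not sqlparse's own code). sqlparse < 0.5.0 groups nested
parentheses recursively, so an input consisting of thousands of '(' exhausts
the Python stack and raises RecursionError. The guard bounds nesting depth
*before* the parser sees the text, and maps a RecursionError raised by the
parser into a controlled rejection, which is also useful defence in depth on
patched versions. Limit 64 and the `parser` hook are assumptions of this example.
"""
from typing import Any, Callable, Optional


class SQLInputRejected(ValueError):
    """Raised when untrusted SQL is refused before or during parsing."""


def max_nesting_depth(sql: str) -> int:
    """Deepest '(' nesting in `sql`, ignoring parentheses inside single- or
    double-quoted literals, `--` line comments and `/* */` block comments.

    Unbalanced ')' never drive the depth below zero. The scan is iterative,
    so the guard itself cannot overflow the stack on hostile input.
    """
    depth = best = 0
    i, n = 0, len(sql)
    while i < n:
        c = sql[i]
        if c in ("'", '"'):
            # Skip a quoted literal; a doubled quote is an escaped quote.
            j = i + 1
            while j < n:
                if sql[j] == c:
                    if j + 1 < n and sql[j + 1] == c:
                        j += 2
                        continue
                    break
                j += 1
            i = j + 1
        elif sql.startswith("--", i):
            j = sql.find("\n", i)
            i = n if j == -1 else j + 1
        elif sql.startswith("/*", i):
            j = sql.find("*/", i + 2)
            i = n if j == -1 else j + 2
        elif c == "(":
            depth += 1
            best = max(best, depth)
            i += 1
        elif c == ")":
            depth = max(0, depth - 1)
            i += 1
        else:
            i += 1
    return best


def safe_parse(sql: str, *, max_depth: int = 64,
               parser: Optional[Callable[[str], Any]] = None) -> Any:
    """Parse `sql` only if its nesting depth is within `max_depth`.

    `parser` defaults to sqlparse.parse when sqlparse is installed; any
    callable taking the SQL text may be injected instead.
    """
    if parser is None:
        import sqlparse  # real dependency; only needed when no parser is injected
        parser = sqlparse.parse
    depth = max_nesting_depth(sql)
    if depth > max_depth:
        raise SQLInputRejected(f"nesting depth {depth} exceeds limit {max_depth}")
    try:
        return parser(sql)
    except RecursionError as exc:
        # An unpatched sqlparse that still blows the stack becomes a
        # rejected request instead of a crashed worker.
        raise SQLInputRejected("parser exhausted the stack") from exc


def _echo(sql: str) -> str:
    """Stand-in parser used by the demo when sqlparse is not installed."""
    return sql


if __name__ == "__main__":
    # Constructed inputs: a benign query with parentheses inside a literal and a
    # comment, and a hostile one built from 10000 nested '(' characters.
    benign = "SELECT * FROM t WHERE a IN (SELECT b FROM u WHERE c = '(((') -- ("
    hostile = "SELECT " + "(" * 10000 + "1" + ")" * 10000
    try:
        import sqlparse
        real_parser = sqlparse.parse
    except ImportError:
        real_parser = _echo
    print("benign depth:", max_nesting_depth(benign))
    print("hostile depth:", max_nesting_depth(hostile))
    safe_parse(benign, parser=real_parser)
    try:
        safe_parse(hostile, parser=real_parser)
    except SQLInputRejected as e:
        print("rejected:", e)
```

Pick `max_depth` from the queries the application actually emits; real workloads rarely exceed a dozen levels, so a limit in the tens rejects the attack with a wide margin while never touching legitimate traffic.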
References
- https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2… (third-party advisory)
- https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0… (patch)
- https://github.com/advisories/GHSA-2m57-hf25-phgg
- https://lists.debian.org/debian-lts-announce/2024/12/msg00022.html
Affected products
sqlparse: all versions from 0 up to, but not including, 0.5.0 (fixed in 0.5.0)
Matching in nixpkgs
- pkgs.python312Packages.sqlparse (Non-validating SQL parser for Python): nixos-unstable -, nixpkgs-unstable 0.5.3 (not affected, 0.5.3 is at or above the fixed version 0.5.0)
- pkgs.python313Packages.sqlparse (Non-validating SQL parser for Python): nixos-unstable -, nixpkgs-unstable 0.5.3 (not affected, 0.5.3 is at or above the fixed version 0.5.0)