CVE-2024-4340

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-4340
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-4340.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-4340
Aliases
Related
Published
2024-04-30T15:15:53Z
Modified
2024-10-12T11:29:24.088614Z
Summary
[none]
Details

Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

References

Affected packages

Debian:11 / sqlparse

Package

Name
sqlparse
Purl
pkg:deb/debian/sqlparse?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.1-1
0.4.2-1
0.4.4-1
0.5.0-1
0.5.1-1
0.5.1-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / sqlparse

Package

Name
sqlparse
Purl
pkg:deb/debian/sqlparse?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.2-1
0.4.4-1
0.5.0-1
0.5.1-1
0.5.1-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / sqlparse

Package

Name
sqlparse
Purl
pkg:deb/debian/sqlparse?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.5.0-1

Affected versions

0.*

0.4.2-1
0.4.4-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Git / github.com/andialbrecht/sqlparse

Affected ranges

Type
GIT
Repo
https://github.com/andialbrecht/sqlparse
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b4a39d9850969b4e1d6940d32094ee0b42a2cf03

Affected versions

0.*

0.1.0
0.1.1
0.1.10
0.1.11
0.1.12
0.1.13
0.1.14
0.1.15
0.1.16
0.1.17
0.1.18
0.1.19
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.3.0
0.3.1
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4