PT-2024-10474 · PyPI +4 · sqlparse +4

Uriya Yavnieli · Published 2024-04-15 · Updated 2025-01-21 · CVE-2024-4340

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: sqlparse (affected versions not specified)

Description: The issue is in the sqlparse.parse() function. Parsing a heavily nested list triggers unbounded recursion that ends in a RecursionError, which a remote attacker can use to cause a denial of service. The impact depends on where sqlparse.parse() is used; any application that passes user-controlled input to this function is affected.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, limit the recursion depth in the flatten() function of the TokenList class so that it raises an error when a maximum depth is reached instead of recursing without bound.
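The workaround in miniature, as an added example that is not code from sqlparse or from this advisory: a constructed Token/TokenList stand-in with the shape of sqlparse's recursive flatten(), beside a hypothetical depth-limited flatten_bounded() that raises NestingTooDeepError at a configurable limit rather than running into RecursionError. The class and function names and the default limit of 100 are assumptions.

```python
class Token:
    is_group = False  # leaf token, nothing to recurse into

class TokenList(Token):
    # Stand-in for sqlparse's group token (constructed, not sqlparse's code).
    is_group = True
    def __init__(self, tokens):
        self.tokens = tokens

    def flatten(self):
        # Shape of the vulnerable walk: one Python frame per nesting level.
        for token in self.tokens:
            if token.is_group:
                yield from token.flatten()
            else:
                yield token

class NestingTooDeepError(ValueError):
    """Raised by the guard instead of letting RecursionError unwind the process."""

def flatten_bounded(tokens, max_depth=100, _depth=0):
    # Hypothetical guarded flatten(): same traversal plus a hard depth limit.
    if _depth > max_depth:
        raise NestingTooDeepError(f"token nesting exceeds {max_depth} levels")
    for token in tokens:
        if token.is_group:
            yield from flatten_bounded(token.tokens, max_depth, _depth + 1)
        else:
            yield token

def nested_group(depth):
    # Constructed input: one leaf wrapped in `depth` groups, like (((1))).
    node = TokenList([Token()])
    for _ in range(depth):
        node = TokenList([node])
    return node

def count_leaves(group, max_depth=100):
    # Leaf count via the guarded walk, or None when the guard trips.
    try:
        return sum(1 for _ in flatten_bounded(group.tokens, max_depth))
    except NestingTooDeepError:
        return None

def count_leaves_unbounded(group):
    # Same count via the original recursion; None once the stack runs out.
    try:
        return sum(1 for _ in group.flatten())
    except RecursionError:
        return None
```

A caller that catches NestingTooDeepError can reject the one oversized statement and keep serving other requests, which is the property the unguarded walk lacks.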

Weakness Enumeration: DoS · Uncontrolled Recursion

Related Identifiers

BDU:2025-01019
CVE-2024-4340
DLA-4000-1
GHSA-2M57-HF25-PHGG
GHSA-62QF-JCQ8-8GXW
MGASA-2024-0185
OESA-2024-1533
OESA-2024-1603
OESA-2024-1646
OPENSUSE-SU-2024_1767-1
OPENSUSE-SU-2024_1861-1
RHSA-2024:3781
RHSA-2024:9984
RHSA-2024:9986
RHSA-2025:1335
RHSA-2025:9838
SUSE-SU-2024:1767-1
SUSE-SU-2024:1861-1
SUSE-SU-2024_1767-1
SUSE-SU-2024_1861-1
USN-6771-1

Affected Products

Linuxmint
Red Os
Suse
Ubuntu
Sqlparse