High severity 7.5 · OSV Advisory · Published Apr 30, 2024 · Updated Apr 15, 2026
CVE-2024-4340
Description
Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sqlparse (PyPI) | < 0.5.0 | 0.5.0 |
Affected products
40 affected products:
- Range: 0.1.0, 0.1.1, 0.1.10, …
- osv-coords, 39 versions:

| Package URL | Affected range |
|---|---|
| pkg:apk/chainguard/kubeflow-pipelines-visualization-server | < 2.2.0-r0 |
| pkg:apk/chainguard/py3.10-sqlparse | < 0.5.0-r0 |
| pkg:apk/chainguard/py3.10-sqlparse-bin | < 0.5.0-r0 |
| pkg:apk/chainguard/py3.11-sqlparse | < 0.5.0-r0 |
| pkg:apk/chainguard/py3.11-sqlparse-bin | < 0.5.0-r0 |
| pkg:apk/chainguard/py3.12-sqlparse | < 0.5.0-r0 |
| pkg:apk/chainguard/py3.12-sqlparse-bin | < 0.5.0-r0 |
| pkg:apk/chainguard/py3.13-sqlparse | < 0.5.0-r0 |
| pkg:apk/chainguard/py3.13-sqlparse-bin | < 0.5.0-r0 |
| pkg:apk/chainguard/py3-sqlparse | < 0.5.0-r0 |
| pkg:apk/chainguard/py3-supported-sqlparse | < 0.5.0-r0 |
| pkg:apk/wolfi/kubeflow-pipelines-visualization-server | < 2.2.0-r0 |
| pkg:apk/wolfi/py3.10-sqlparse | < 0.5.0-r0 |
| pkg:apk/wolfi/py3.10-sqlparse-bin | < 0.5.0-r0 |
| pkg:apk/wolfi/py3.11-sqlparse | < 0.5.0-r0 |
| pkg:apk/wolfi/py3.11-sqlparse-bin | < 0.5.0-r0 |
| pkg:apk/wolfi/py3.12-sqlparse | < 0.5.0-r0 |
| pkg:apk/wolfi/py3.12-sqlparse-bin | < 0.5.0-r0 |
| pkg:apk/wolfi/py3.13-sqlparse | < 0.5.0-r0 |
| pkg:apk/wolfi/py3.13-sqlparse-bin | < 0.5.0-r0 |
| pkg:apk/wolfi/py3-sqlparse | < 0.5.0-r0 |
| pkg:apk/wolfi/py3-supported-sqlparse | < 0.5.0-r0 |
| pkg:pypi/sqlparse | < 0.5.0 |
| pkg:rpm/opensuse/python3-sqlparse&distro=openSUSE%20Leap%2015.5 | < 0.4.2-150300.12.1 |
| pkg:rpm/opensuse/python-sqlparse&distro=openSUSE%20Leap%2015.5 | < 0.4.4-150400.6.7.1 |
| pkg:rpm/suse/python3-sqlparse&distro=SUSE%20Enterprise%20Storage%207.1 | < 0.4.2-150300.12.1 |
| pkg:rpm/suse/python3-sqlparse&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS | < 0.4.2-150300.12.1 |
| pkg:rpm/suse/python3-sqlparse&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS | < 0.4.2-150300.12.1 |
| pkg:rpm/suse/python3-sqlparse&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS | < 0.4.2-150300.12.1 |
| pkg:rpm/suse/python3-sqlparse&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 | < 0.4.2-150300.12.1 |
| pkg:rpm/suse/python3-sqlparse&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 | < 0.4.2-150300.12.1 |
| pkg:rpm/suse/python3-sqlparse&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS | < 0.4.2-150300.12.1 |
| pkg:rpm/suse/python3-sqlparse&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS | < 0.4.2-150300.12.1 |
| pkg:rpm/suse/python3-sqlparse&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 | < 0.4.2-150300.12.1 |
| pkg:rpm/suse/python3-sqlparse&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 | < 0.4.2-150300.12.1 |
| pkg:rpm/suse/python3-sqlparse&distro=SUSE%20Manager%20Proxy%204.3 | < 0.4.2-150300.12.1 |
| pkg:rpm/suse/python3-sqlparse&distro=SUSE%20Manager%20Server%204.3 | < 0.4.2-150300.12.1 |
| pkg:rpm/suse/python-sqlparse&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4 | < 0.4.4-150400.6.7.1 |
| pkg:rpm/suse/python-sqlparse&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 | < 0.4.4-150400.6.7.1 |
References
- github.com/advisories/GHSA-2m57-hf25-phgg (nvd, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-4340 (ghsa, ADVISORY)
- github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03 (nvd, WEB)
- github.com/andialbrecht/sqlparse/security/advisories/GHSA-2m57-hf25-phgg (ghsa, WEB)
- research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292 (ghsa, WEB)
- lists.debian.org/debian-lts-announce/2024/12/msg00022.html (nvd)
- research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292/ (nvd)