CVE-2024-4340

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Apr 30, 2024

CWE ID 674

Summary

CVE-2024-4340 is a newly discovered vulnerability affecting sqlparse, a popular Python library used for parsing SQL queries. The issue arises when sqlparse.parse() function encounters a heavily nested list as its argument. This input triggers a RecursionError due to the excessive nesting, leading to a Denial of Service condition. The vulnerable function enters an infinite loop, consuming excessive system resources and potentially causing the application to crash or become unresponsive.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vsMxId
https://www.cve.org/CVERecord?id=CVE-2024-4340
https://nvd.nist.gov/vuln/detail/CVE-2024-4340

Back to Vulnerability Database

CVE-2024-4340

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations