
5279 matches found

OSV
added 2024/04/30 3:15 p.m. · 1 views

DEBIAN-CVE-2024-4340

Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

CVSS 7.5 · AI score 7.2 · EPSS 0.10881
Exploits 0 · References 1

Tenable Nessus
added 2024/04/30 12:0 a.m. · 32 views

RHEL 9 : runc (RHSA-2024:2180)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2180 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fixes:...

CVSS 7.5 · AI score 7.2 · EPSS 0.00185
Exploits 0 · References 13

Tenable Nessus
added 2024/04/28 12:0 a.m. · 46 views

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3622)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3622 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

CVSS 9.8 · AI score 6.8 · EPSS 0.63842
Exploits 3 · References 21

Tenable Nessus
added 2024/04/28 12:0 a.m. · 32 views

RHEL 7 : rh-haproxy18-haproxy (RHSA-2019:1436)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1436 advisory. HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. The following packages have been upgrad...

CVSS 7.5 · AI score 6.6 · EPSS 0.001
Exploits 0 · References 13

Tenable Nessus
added 2024/04/27 12:0 a.m. · 25 views

RHEL 5 / 6 : JBoss Enterprise Web Server 1.0.2 update (Moderate) (RHSA-2011:0897)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0897 advisory. - tomcat: information disclosure in authentication headers CVE-2010-1157 - httpd mod_cache, mod_dav: DoS httpd child process crash by...

CVSS 5 · AI score 5.8 · EPSS 0.52868
Exploits 17 · References 22

OSV
added 2024/04/25 10:15 a.m. · 0 views

UBUNTU-CVE-2024-25583

A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected...

CVSS 7.5 · AI score 5.7 · EPSS 0.00009
Exploits 0 · References 3

OSV
added 2024/04/22 10:17 p.m. · 4 views

GHSA-P72Q-H37J-3HQ7 dbt uses a SQLparse version with a high vulnerability

Summary Using a version of sqlparse that has a security vulnerability and no way to update in current version of dbt core. Snyk recommends using sqlparse==0.5 but this causes a conflict with dbt. Snyk states the issues is a recursion error: SNYK-PYTHON-SQLPARSE-6615674. Details Dependency conflic...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 4

Positive Technologies
added 2024/04/22 12:0 a.m. · 2 views

PT-2024-40393 · Dbt-Core +1 · Dbt-Core +1

Name of the Vulnerable Software and Affected Versions: dbt-core versions 1.6.0 through 1.6.12 dbt-core versions 1.7.0 through 1.7.12 Description: The issue is related to a recursion error in the sqlparse library used by dbt-core. This error can be triggered by parsing a specific SQL query, such a...

CVSS 7.5 · AI score 7.7
Exploits 0 · References 5

RedHat Linux
added 2024/04/16 10:45 a.m. · 3 views

squid: Denial of Service in HTTP Chunked Decoding

A flaw was found in Squid. This issue may allow a remote attacker to trigger an uncontrolled recursion bug when sending a specially crafted, chunked, encoded HTTP Message, resulting in a denial of service...

CVSS 8.6 · AI score 5.8 · EPSS 0.03932
Exploits 0 · References 6

OSV
added 2024/04/15 8:21 p.m. · 44 views

GHSA-2M57-HF25-PHGG sqlparse parsing heavily nested list leads to Denial of Service

Summary Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. Details + PoC Running the following code will raise Maximum recursion limit exceeded exception: py import sqlparse sqlparse.parse'' 10000 + '' 10000 We expect a traceback of RecursionError:...

CVSS 7.5 · AI score 7.5 · EPSS 0.10881
Exploits 0 · References 5

Github Security Blog
added 2024/04/15 8:21 p.m. · 50 views

sqlparse parsing heavily nested list leads to Denial of Service

Summary Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. Details + PoC Running the following code will raise Maximum recursion limit exceeded exception: py import sqlparse sqlparse.parse'' 10000 + '' 10000 We expect a traceback of RecursionError:...

CVSS 7.5 · AI score 7.3 · EPSS 0.10881
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2024/04/15 12:0 a.m. · 4 views

PT-2024-21614

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-05205-g77fadd89fe2d-dirty 213 Description The issue arises when the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to itself, resulting in a qdisc lock deadlock. Thi...

CVSS 7.5 · AI score 5.5 · EPSS 0.00007
Exploits 0

Positive Technologies
added 2024/04/15 12:0 a.m. · 2 views

PT-2024-10474 · Pypi +4 · Sqlparse +4

Name of the Vulnerable Software and Affected Versions: sqlparse affected versions not specified Description: The issue is related to the sqlparse.parse function, which can lead to a Denial of Service due to a RecursionError when processing a heavily nested list. This can be exploited by a remote...

CVSS 7.8 · AI score 7.5 · EPSS 0.10881
Exploits 0 · References 50

Tenable Nessus
added 2024/04/12 12:0 a.m. · 37 views

Oracle Linux 7 : squid (ELSA-2024-1787)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1787 advisory. - Resolves: CVE-2021-28651 squid: Bug 5104: Memory leak in RFC 2169 response parsing 778 - Resolves: CVE-2021-28652 squid: Bug 5106: Broken cache manag...

CVSS 8.6 · AI score 6.9 · EPSS 0.85178
Exploits 4 · References 7

Veracode
added 2024/04/10 10:5 p.m. · 13 views

Stack Overflow

Xpdf is vulnerable to a stack overflow. The vulnerability is due to a PDF object loop in the page label tree, leading to infinite recursion...

CVSS 5.5 · AI score 6.5 · EPSS 0.0005
Exploits 1 · References 3 · Affected Software 1

Veracode
added 2024/04/10 10:5 p.m. · 13 views

Stack Overflow

Xpdf is vulnerable to a stack overflow. The vulnerability is due to a PDF object loop in the page label tree, leading to infinite recursion...

CVSS 5.5 · AI score 6.5 · EPSS 0.00077
Exploits 1 · References 3 · Affected Software 1

OSV
added 2024/04/07 11:49 a.m. · 2 views

CLSA-2024-1712490592 squid: Fix of CVE-2024-25111

CVE-2024-25111: Fix infinite recursion when parsing HTTP chunks...

CVSS 8.6 · AI score 7.3 · EPSS 0.03932
Exploits 0 · References 1

OSV
added 2024/04/07 11:35 a.m. · 3 views

CLSA-2024-1712261257 squid: Fix of CVE-2024-25111

CVE-2024-25111: Fix infinite recursion when parsing HTTP chunks...

CVSS 8.6 · AI score 7.3 · EPSS 0.03932
Exploits 0 · References 1

BDU FSTEC
added 2024/04/05 12:0 a.m. · 1 views

The vulnerability of the LISP protocol implementation in Cisco IOS and Cisco IOS XE operating systems allows a hacker to trigger a service failure.

The vulnerability of the LISP protocol implementation in Cisco IOS and Cisco IOS XE operating systems is related to uncontrolled recursion during the processing of LISP packets. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 8.6 · AI score 5.4 · EPSS 0.00817
Exploits 0 · References 2 · Affected Software 2

OSV
added 2024/04/02 11:15 p.m. · 1 views

CVE-2024-3247

In Xpdf 4.05 and earlier, a PDF object loop in an object stream leads to infinite recursion and a stack overflow...

CVSS 5.5 · AI score 5.8
Exploits 0 · References 1