CBL Mariner 2.0 Security Update: protobuf (CVE-2025-4565)
The version of protobuf installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4565 advisory. - Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an...
SUSE SLES15 Security Update : protobuf (SUSE-SU-2025:02310-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02310-1 advisory. - CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that can lea...
LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing
The JSONReader in run-llama/llamaindex versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing...
Denial Of Service (DoS)
Protobuf is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of deeply nested or recursive structures in the Pure-Python backend, leading to a RecursionError...
CVE-2025-4565 Unbounded recursion in Python Protobuf
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
CVE-2025-4565
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
TencentOS Server 4: python-sqlparse (TSSA-2024:0918)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0918 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
K000139698: Python vulnerabilities CVE-2016-5636, CVE-2018-1000802, CVE-2022-48565 and CVE-2023-36632
Security Advisory Description: CVE-2016-5636: Integer overflow in the getdata function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer...
Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : SQL parse vulnerability (USN-6771-1)
The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6771-1 advisory. It was discovered that SQL parse incorrectly handled certain nested lists. An attacker could possibly use this issue to cause a denial of...
Duplicate Advisory: sqlparse parsing heavily nested list leads to Denial of Service
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2m57-hf25-phgg. This link is maintained to preserve external references. Original Description: Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...
CVE-2024-4340
Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...
UBUNTU-CVE-2024-4340
Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...
CVE-2024-4340 Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...
CVE-2024-4340
CVE-2024-4340 is a denial-of-service vulnerability in the Python sqlparse library, caused by passing a heavily nested list to sqlparse.parse() which can trigger a RecursionError. Public documentation in the connected items confirms widespread impact across products that bundle sqlparse (e.g., IBM...
Denial Of Service (DoS)
sqlparse is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of recursion limits, which allows an attacker to pass a heavily nested list to the parse method resulting in a RecursionError...
BIT-PYTHON-2023-36632
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...
Python <= 3.12.1 'RecursionError' Vulnerability - Linux
Python is prone to a... (CPE: cpe:/a:python:python)