Lucene search
UbuntuUSN-6064-1HistoryMay 10, 2023 - 12:00 a.m.
SQL parse vulnerability
2023-05-1000:00:00
ubuntu.com
41
sql parse
vulnerability
ubuntu
regular expression
denial of service
python
parser
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.9
Confidence
High
EPSS
0.001
Percentile
42.2%
Releases
- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
Packages
- sqlparse - documentation for non-validating SQL parser in Python
Details
It was discovered that SQL parse incorrectly handled certain regular expression.
An attacker could possibly use this issue to cause a denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.04 | noarch | python3-sqlparse | < 0.4.2-1ubuntu0.23.04.1 | UNKNOWN |
| Ubuntu | 23.04 | noarch | python-sqlparse-doc | < 0.4.2-1ubuntu0.23.04.1 | UNKNOWN |
| Ubuntu | 23.04 | noarch | sqlformat | < 0.4.2-1ubuntu0.23.04.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | python3-sqlparse | < 0.4.2-1ubuntu0.22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | python-sqlparse-doc | < 0.4.2-1ubuntu0.22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | sqlformat | < 0.4.2-1ubuntu0.22.10.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python3-sqlparse | < 0.4.2-1ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | python-sqlparse-doc | < 0.4.2-1ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 22.04 | noarch | sqlformat | < 0.4.2-1ubuntu0.22.04.1 | UNKNOWN |
| Ubuntu | 20.04 | noarch | python3-sqlparse | < 0.2.4-3ubuntu0.1 | UNKNOWN |
References
Related
nessus
nessus
debian
debian
[SECURITY] [DLA 3425-1] sqlparse security update
2023-05-16 11:33:56
osv
osv
sqlparse vulnerability
2023-05-10 11:09:44
python310-sqlparse-0.4.4-1.1 on GA media
2024-06-15 00:00:00
Recommended update for google-cloud SDK
2024-06-20 18:33:51
cve
cve
CVE-2023-30608
2023-04-18 22:15:08
redhatcve
redhatcve
CVE-2023-30608
2023-04-19 06:00:40
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-04-24 11:07:24
ubuntucve
ubuntucve
CVE-2023-30608
2023-04-18 00:00:00
github
github
prion
prion
Design/Logic Flaw
2023-04-18 22:15:00
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0183)
2023-05-22 00:00:00
Debian: Security Advisory (DLA-3425-1)
2023-05-17 00:00:00
Ubuntu: Security Advisory (USN-6064-1)
2023-05-11 00:00:00
nvd
nvd
CVE-2023-30608
2023-04-18 22:15:08
redos
redos
ROS-20230620-05
2023-06-20 00:00:00
debiancve
debiancve
CVE-2023-30608
2023-04-18 22:15:08
alpinelinux
alpinelinux
CVE-2023-30608
2023-04-18 22:15:08
mageia
mageia
Updated python-sqlparse packages fix security vulnerability
2023-05-21 11:42:44
cvelist
cvelist
CVE-2023-30608 Parser contains an inefficient regular expression in sqlparse
2023-04-18 21:32:11
redhat
redhat
rocky
rocky
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.9
Confidence
High
EPSS
0.001
Percentile
42.2%
Related for USN-6064-1