Regular Expression Denial Of Service (ReDoS)

2023-04-2411:07:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

regular expression denial of service

sqlparse

vulnerability

inefficient regex

lexer.py

malicious input

software

0.001 Low

EPSS

Percentile

32.6%

JSON

sqlparse is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists due to inefficient regular expression complexity in the lexer.py regex element which allows an attacker to crash the application by submitting maliciously crafted input.

CPENameOperatorVersion
sqlparsele0.4.3
sqlparsele0.4.3
python-sqlparseeq0.4.2__3.el8pc
python-sqlparseeq0.4.1__1.el8pc
python-sqlparseeq0.4.1__4.el8pc
python-sqlparseeq0.4.2__4.1.1.el8ui
python-sqlparseeq0.4.2__4.el8ui
python-sqlparseeq0.2.4__6.epel8.playground
python-sqlparseeq0.2.4__10.el8
python-sqlparseeq0.2.2__6.1.el8ost

Name	Operator	Version
sqlparse	le	0.4.3
sqlparse	le	0.4.3
python-sqlparse	eq	0.4.2__3.el8pc
python-sqlparse	eq	0.4.1__1.el8pc
python-sqlparse	eq	0.4.1__4.el8pc
python-sqlparse	eq	0.4.2__4.1.1.el8ui
python-sqlparse	eq	0.4.2__4.el8ui
python-sqlparse	eq	0.2.4__6.epel8.playground
python-sqlparse	eq	0.2.4__10.el8
python-sqlparse	eq	0.2.2__6.1.el8ost