CVE-2023-30608
Parser contains an inefficient regular expression in sqlparse
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.
A flaw was found in sqlparse. The SQL parser contains a regular expression vulnerable to a Regular Expression Denial of Service (ReDoS). The vulnerability may lead to a denial of service (DoS).
Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include bypass and denial of service vulnerabilities.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-04-13 CVE Reserved
- 2023-04-18 CVE Published
- 2025-02-13 CVE Updated
- 2025-07-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1333: Inefficient Regular Expression Complexity
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2023/05/msg00017.html | Mailing List |
|
https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS | Technical Description |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-30608 | 2023-11-08 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2187903 | 2023-11-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sqlparse Project Search vendor "Sqlparse Project" | Sqlparse Search vendor "Sqlparse Project" for product "Sqlparse" | >= 0.1.15 < 0.4.4 Search vendor "Sqlparse Project" for product "Sqlparse" and version " >= 0.1.15 < 0.4.4" | python |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
|