CVE-2024-56374 — Allocation of Resources Without Limits or Throttling in Django

CWE-770 — Allocation of Resources Without Limits or Throttling11 documents8 sources

Severity

7.5HIGHNVD

CNA5.8

EPSS

0.1%

top 75.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Djangoproject Django Debian Linux

Timeline

PublishedJan 14

Latest updateMay 27

Description

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5djangoproject/django4.2 — 4.2.18+2

▶NVDdjangoproject/django4.2 — 4.2.18+2

▶PyPIdjangoproject/django5.1 — 5.1.5+2

Also affects: Debian Linux 11.0

🔴Vulnerability Details

OSV

Django has a potential denial-of-service vulnerability in IPv6 validation↗2025-01-14

▶

OSV

CVE-2024-56374: An issue was discovered in Django 5↗2025-01-14

▶

CVEList

CVE-2024-56374: An issue was discovered in Django 5↗2025-01-14

▶

GHSA

Django has a potential denial-of-service vulnerability in IPv6 validation↗2025-01-14

▶

📋Vendor Advisories

Ubuntu

Django vulnerability↗2025-01-23

▶

Ubuntu

Django vulnerability↗2025-01-14

▶

Red Hat

django: potential denial-of-service vulnerability in IPv6 validation↗2025-01-14

▶

Debian

CVE-2024-56374: python-django - An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 b...↗2024

▶

💬Community

HackerOne

CVE-2024-56374: Denial-of-service vulnerability in IPv6 validation↗2025-05-27

▶

HackerOne

CVE-2024-56374 Potential denial-of-service in IPv6 validation↗2025-02-06

▶