PT-2025-3272 · Django+7 · Django+7

Saravana Kumar

Publicado

2025-01-14

Atualizado

2026-01-03

CVE-2024-56374

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.17 Django versions 5.0 through 5.0.10 Django versions 5.1 through 5.1.4

Description A potential denial-of-service attack could occur due to the lack of upper-bound limit enforcement in strings passed when performing IPv6 validation. The undocumented and private functions clean ipv6 address and is valid ipv6 address are vulnerable, as is the django.forms.GenericIPAddressField form field.

Recommendations For Django versions 4.2 through 4.2.17, update to version 4.2.18 or later. For Django versions 5.0 through 5.0.10, update to version 5.0.11 or later. For Django versions 5.1 through 5.1.4, update to version 5.1.5 or later.

Correção

DoS

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

ALT-PU-2025-10176

ALT-PU-2025-2205

BDU:2025-01179

BIT-DJANGO-2024-56374

CVE-2024-56374

DLA-4030-1

GHSA-QCGG-J2X8-H9G8

MGASA-2025-0039

OESA-2025-1069

OPENSUSE-SU-2025:14651-1

OPENSUSE-SU-2025:14662-1

OPENSUSE-SU-2025_0149-1

OPENSUSE-SU-2026:10005-1

PYSEC-2025-1

RHSA-2025:0777

RHSA-2025:2399

RHSA-2025:4576

SUSE-SU-2025:0149-1

USN-7205-1

USN-7205-2

Produtos afetados

Alt Linux

Astra Linux

Debian

Django

Linuxmint

Red Os

Suse

Ubuntu

PT-2025-3272 · Django+7 · Django+7

CVE-2024-56374

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 129