PT-2025-3272 · Django+7 · Django+7

Saravana Kumar

Published

2025-01-14

Updated

2026-01-03

CVE-2024-56374

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.17 Django versions 5.0 through 5.0.10 Django versions 5.1 through 5.1.4

Description A potential denial-of-service attack could occur due to the lack of upper-bound limit enforcement in strings passed when performing IPv6 validation. The undocumented and private functions clean ipv6 address and is valid ipv6 address are vulnerable, as is the django.forms.GenericIPAddressField form field.

Recommendations For Django versions 4.2 through 4.2.17, update to version 4.2.18 or later. For Django versions 5.0 through 5.0.10, update to version 5.0.11 or later. For Django versions 5.1 through 5.1.4, update to version 5.1.5 or later.

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

ALT-PU-2025-10176

ALT-PU-2025-2205

BDU:2025-01179

BIT-DJANGO-2024-56374

CVE-2024-56374

DLA-4030-1

GHSA-QCGG-J2X8-H9G8

MGASA-2025-0039

OESA-2025-1069

OPENSUSE-SU-2025:14651-1

OPENSUSE-SU-2025:14662-1

OPENSUSE-SU-2025_0149-1

OPENSUSE-SU-2026:10005-1

PYSEC-2025-1

RHSA-2025:0777

RHSA-2025:2399

RHSA-2025:4576

SUSE-SU-2025:0149-1

USN-7205-1

USN-7205-2

Affected Products

Alt Linux

Astra Linux

Debian

Django

Linuxmint

Red Os

Suse

Ubuntu

PT-2025-3272 · Django+7 · Django+7

CVE-2024-56374

Weakness Enumeration

Related Identifiers

Affected Products

References · 129