An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 03 Oct 2025 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Debian
Debian debian Linux
Djangoproject
Djangoproject django
CPEs cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Vendors & Products Debian
Debian debian Linux
Djangoproject
Djangoproject django

Wed, 07 May 2025 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:satellite:6.17::el9
cpe:/a:redhat:satellite_capsule:6.17::el9

Thu, 06 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite
Redhat satellite Capsule
CPEs cpe:/a:redhat:satellite:6.16::el8
cpe:/a:redhat:satellite:6.16::el9
cpe:/a:redhat:satellite_capsule:6.16::el8
cpe:/a:redhat:satellite_capsule:6.16::el9
Vendors & Products Redhat satellite
Redhat satellite Capsule

Fri, 28 Feb 2025 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:discovery:1::el9 cpe:/o:redhat:discovery:1.0::el9

Thu, 13 Feb 2025 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat ansible Automation Platform
Redhat discovery
CPEs cpe:/a:redhat:ansible_automation_platform:2.4::el8
cpe:/a:redhat:ansible_automation_platform:2.5::el8
cpe:/a:redhat:ansible_automation_platform:2.5::el9
cpe:/o:redhat:discovery:1::el9
Vendors & Products Redhat
Redhat ansible Automation Platform
Redhat discovery

Wed, 12 Feb 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Jan 2025 18:45:00 +0000

Type Values Removed Values Added
References

Wed, 15 Jan 2025 02:00:00 +0000

Type Values Removed Values Added
Title django: potential denial-of-service vulnerability in IPv6 validation
References
Metrics threat_severity

None

threat_severity

Moderate


Tue, 14 Jan 2025 19:45:00 +0000

Type Values Removed Values Added
References

Tue, 14 Jan 2025 19:15:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-02-12T20:31:20.698Z

Reserved: 2024-12-22T00:00:00.000Z

Link: CVE-2024-56374

cve-icon Vulnrichment

Updated: 2025-01-23T18:03:28.376Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-14T19:15:32.510

Modified: 2025-10-03T13:16:13.223

Link: CVE-2024-56374

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-01-14T00:00:00Z

Links: CVE-2024-56374 - Bugzilla

cve-icon OpenCVE Enrichment

No data.