IPv6 Validation Vulnerability in Django Framework
CVE-2024-56374

5.8MEDIUM

Key Information:

Vendor: Djangoproject
Status: Django
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-56374?

A vulnerability has been identified in prior versions of the Django framework that lacks proper upper-bound limit enforcement during IPv6 validation. This oversight affects functions like 'clean_ipv6_address' and 'is_valid_ipv6_address', as well as the 'GenericIPAddressField' form field. Exploitation of this issue could potentially allow an attacker to initiate a denial-of-service attack, impacting the availability of the application.

Affected Version(s)

Django 4.2 < 4.2.18

Django 5.0 < 5.0.11

Django 5.1 < 5.1.5

References

https://docs.djangoproject.com/en/dev/releases/security/

https://groups.google.com/g/django-announce

https://www.djangoproject.com/weblog/2025/jan/14/security...

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 14, 2025

Djangoproject

What is CVE-2024-56374?

Affected Version(s)

References

CVSS V3.1

Timeline