Vulnerability CVE-2024-56374: Information
Description
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
python3-module-django | sisyphus | 5.1.5-alt1 | 5.1.5-alt1 | ALT-PU-2025-2207-2 | 372174 | Fixed |
python3-module-django | sisyphus_riscv64 | 5.1.5-alt1 | 5.1.5-alt1 | ALT-PU-2025-2326-1 | - | Fixed |
python3-module-django | sisyphus_loongarch64 | 5.1.5-alt1 | 5.1.5-alt1 | ALT-PU-2025-2294-1 | - | Fixed |
python3-module-django | p11 | 4.2.18-alt1 | 4.2.18-alt1 | ALT-PU-2025-2205-4 | 372181 | Fixed |