05-27-2025, 06:00 PM
Medium
resolved
resolved
CVE-2024-56374: Denial-of-service vulnerability in IPv6 validation
Bug reported by was disclosed at May 27, 2025, 12:26 pm |
A denial-of-service vulnerability was discovered in Django's IPv6 validation. The lack of an upper bound limit enforcement in strings passed during IPv6 validation could lead to a potential denial-of-service attack. The vulnerable functions, `clean_ipv6_address` and `is_valid_ipv6_address`, as well as the `django.forms.GenericIPAddressField` form field, have been updated to address this issue.