How severe is CVE-2024-56374?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2024-56374?

This is classified as CWE-770, which is a common weakness in software security.

CVE-2024-56374 - MEDIUM Severity | CVSS 5.8

Vulnerability Description

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.)

Related Vulnerabilities

CVE-2025-27556

MEDIUM

CVSS:5.8(Medium)

An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.Lo...

CWE-7702025

CVE-2024-23826

MEDIUM

CVSS:5.7(Medium)

spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a...

CWE-7702024

CVE-2017-12132

MEDIUM

CVSS:5.9(Medium)

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path ...

CWE-7702017

CVE-2018-10237

MEDIUM

CVSS:5.9(Medium)

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize att...

CWE-7702018

CVE-2019-12940

MEDIUM

CVSS:5.9(Medium)

LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter.

CWE-7702019

CVE-2022-38153

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 ...

CWE-7702022