CVE-2024-38875

Improper Handling of Length Parameter Inconsistency

Published: Jul 10, 2024 | Modified: Jun 16, 2025
Severity

Source      CVSS 3.x                                                       CVSS 2.x
NVD         N/A
RedHat/V2
RedHat/V3   5.3 MODERATE (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Ubuntu      MEDIUM

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.

Weakness

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

Affected Software

Name                                                 Vendor         Start Version                      End Version
Django                                               Djangoproject  4.2 (including)                    4.2.14 (excluding)
Django                                               Djangoproject  5.0 (including)                    5.0.7 (excluding)
Red Hat Ansible Automation Platform 2.4 for RHEL 8   RedHat         python3x-django-0:4.2.15-1.el8ap   *
Red Hat Ansible Automation Platform 2.4 for RHEL 9   RedHat         python-django-0:4.2.15-1.el9ap     *
Red Hat OpenStack Services on OpenShift 18.0         RedHat         python-django-0:3.2.12-8.el9ost    *
Red Hat Satellite 6.16 for RHEL 8                    RedHat         python-django-0:4.2.16-1.el8pc     *
Red Hat Satellite 6.16 for RHEL 9                    RedHat         python-django-0:4.2.16-1.el9pc     *
Python-django                                        Ubuntu         esm-infra/bionic                   *
Python-django                                        Ubuntu         focal                              *
Python-django                                        Ubuntu         jammy                              *
Python-django                                        Ubuntu         mantic                             *
Python-django                                        Ubuntu         noble                              *
Python-django                                        Ubuntu         trusty/esm                         *
