CVE-2023-24580

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

• CWE-400
• CWE-400

• http://www.openwall.com/lists/oss-security/2023/02/14/1Mailing List, Release Notes, Third Party Advisory
• https://docs.djangoproject.com/en/4.1/releases/security/Patch, Vendor Advisory
• https://groups.google.com/forum/#%21forum/django-announce
• https://lists.debian.org/debian-lts-announce/2023/02/msg00023.htmlMailing List, Third Party Advisory
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/
• https://security.netapp.com/advisory/ntap-20230316-0006/
• https://www.djangoproject.com/weblog/2023/feb/14/security-releases/Patch, Release Notes, Vendor Advisory
• http://www.openwall.com/lists/oss-security/2023/02/14/1Mailing List, Release Notes, Third Party Advisory
• https://docs.djangoproject.com/en/4.1/releases/security/Patch, Vendor Advisory
• https://groups.google.com/forum/#%21forum/django-announce
• https://lists.debian.org/debian-lts-announce/2023/02/msg00023.htmlMailing List, Third Party Advisory
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/
• https://security.netapp.com/advisory/ntap-20230316-0006/
• https://www.djangoproject.com/weblog/2023/feb/14/security-releases/Patch, Release Notes, Vendor Advisory

Published

Feb 15, 2023

Last Modified

Jun 17, 2026

Status

Modified