CVE-2023-24580 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-24580 Interim 1 20 2026-03-05T03:47:36Z current 2023-02-15T00:18:41Z 2026-03-05T03:47:36Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-24580 An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2023-March/014016.html E-Mail link for SUSE-SU-2023:0704-1 https://lists.suse.com/pipermail/sle-security-updates/2023-May/014776.html E-Mail link for SUSE-SU-2023:2080-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AQ2N7SB2HJKGBLQVFSOCRHCY66P6ACKC/ E-Mail link for openSUSE-SU-2023:0075-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OGS4NP24275NERRPQV6A6EONV6W3C2SK/ E-Mail link for openSUSE-SU-2023:0077-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XIBAQZUQ2RHKRUEWEHTVUYM66J3IOWLL/ E-Mail link for openSUSE-SU-2023:0178-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 SUSE Package Hub 12 SP1 SUSE Package Hub 15 SP4 openSUSE Leap 15.4 openSUSE Tumbleweed python-Django-1.11.15-2.1 python-Django-1.11.29-3.45.1 python-Django1-1.11.29-3.44.1 python3-Django-2.2.28-bp154.2.9.1 python3-Django1-1.11.29-bp154.2.3.1 python310-Django-4.1.7-1.1 python310-Django4-4.2.14-1.1 python311-Django-5.1.5-1.1 python311-Django4-4.2.14-1.1 python312-Django-5.1.5-1.1 python312-Django4-4.2.14-1.1 python312-Django6-6.0-1.1 python313-Django-5.1.5-1.1 python313-Django6-6.0-1.1 python38-Django-4.1.7-1.1 python39-Django-4.1.7-1.1 python-Django-1.11.29-3.45.1 as a component of HPE Helion OpenStack 8 python-Django-1.11.29-3.45.1 as a component of SUSE OpenStack Cloud 8 python-Django1-1.11.29-3.44.1 as a component of SUSE OpenStack Cloud 9 python-Django-1.11.29-3.45.1 as a component of SUSE OpenStack Cloud Crowbar 8 python-Django1-1.11.29-3.44.1 as a component of SUSE OpenStack Cloud Crowbar 9 python-Django-1.11.15-2.1 as a component of SUSE Package Hub 12 SP1 python3-Django-2.2.28-bp154.2.9.1 as a component of SUSE Package Hub 15 SP4 python3-Django1-1.11.29-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 python3-Django-2.2.28-bp154.2.9.1 as a component of openSUSE Leap 15.4 python3-Django1-1.11.29-bp154.2.3.1 as a component of openSUSE Leap 15.4 python310-Django-4.1.7-1.1 as a component of openSUSE Tumbleweed python310-Django4-4.2.14-1.1 as a component of openSUSE Tumbleweed python311-Django-5.1.5-1.1 as a component of openSUSE Tumbleweed python311-Django4-4.2.14-1.1 as a component of openSUSE Tumbleweed python312-Django-5.1.5-1.1 as a component of openSUSE Tumbleweed python312-Django4-4.2.14-1.1 as a component of openSUSE Tumbleweed python312-Django6-6.0-1.1 as a component of openSUSE Tumbleweed python313-Django-5.1.5-1.1 as a component of openSUSE Tumbleweed python313-Django6-6.0-1.1 as a component of openSUSE Tumbleweed python38-Django-4.1.7-1.1 as a component of openSUSE Tumbleweed python39-Django-4.1.7-1.1 as a component of openSUSE Tumbleweed An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. CVE-2023-24580 HPE Helion OpenStack 8:python-Django-1.11.29-3.45.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP5:python3-Django-2.0.7-150000.1.6.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP6:python3-Django-2.0.7-150000.1.6.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:python3-Django-2.0.7-150000.1.6.1 SUSE OpenStack Cloud 8:python-Django-1.11.29-3.45.1 SUSE OpenStack Cloud 9:python-Django1-1.11.29-3.44.1 SUSE OpenStack Cloud Crowbar 8:python-Django-1.11.29-3.45.1 SUSE OpenStack Cloud Crowbar 9:python-Django1-1.11.29-3.44.1 SUSE Package Hub 12 SP1:python-Django-1.11.15-2.1 SUSE Package Hub 15 SP4:python3-Django-2.2.28-bp154.2.9.1 SUSE Package Hub 15 SP4:python3-Django1-1.11.29-bp154.2.3.1 openSUSE Leap 15.4:python3-Django-2.2.28-bp154.2.9.1 openSUSE Leap 15.4:python3-Django1-1.11.29-bp154.2.3.1 openSUSE Tumbleweed:python310-Django-4.1.7-1.1 openSUSE Tumbleweed:python310-Django4-4.2.14-1.1 openSUSE Tumbleweed:python311-Django-5.1.5-1.1 openSUSE Tumbleweed:python311-Django4-4.2.14-1.1 openSUSE Tumbleweed:python312-Django-5.1.5-1.1 openSUSE Tumbleweed:python312-Django4-4.2.14-1.1 openSUSE Tumbleweed:python312-Django6-6.0-1.1 openSUSE Tumbleweed:python313-Django-5.1.5-1.1 openSUSE Tumbleweed:python313-Django6-6.0-1.1 openSUSE Tumbleweed:python38-Django-4.1.7-1.1 openSUSE Tumbleweed:python39-Django-4.1.7-1.1 important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H