A critical vulnerability was recently found in Django, which a remote attacker could possibly use to bypass certain validations, potentially leading to the compromise of confidential information and loss of access to critical systems. With a low attack complexity, no privileges required to exploit, and a high confidentiality, integrity and availability impact, it is crucial that all impacted users update immediately to protect against damaging exploits.

Continue reading to learn about other significant issues that have been discovered and fixed, including an important denial of service (DoS) bug in c-ares and several buffer overflow, arbitrary code execution and DoS vulnerabilities in ntfs-3g.

Yours in Open Source,

Brittany

Django

The Discovery

It was discovered that Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1 incorrectly handled uploading multiple files using one form field (CVE-2023-31047). With a low attack complexity, no privileges required to exploit, and a high confidentiality, integrity and availability impact, this remote code execution (RCE) vulnerability has been rated as “Critical” by the National Vulnerability Database (NVD). 


The Impact

A remote attacker could possibly use this issue to bypass certain validations, potentially leading to the compromise of confidential information and loss of access to critical systems.

The Fix

An important update for Django that fixes this bug has been released. We strongly recommend that all impacted users apply the Django updates issued by their distro(s) as soon as possible to protect the confidentiality, integrity and availability of their systems.
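A quick way to turn the version ranges quoted above into a check you can run against a deployment, as an added example that is not part of the original newsletter or of Django itself. The ranges are taken verbatim from the advisory text (3.2 before 3.2.19, 4.x before 4.1.9, 4.2 before 4.2.1); the function and constant names are this example's own, and the optional `django.get_version()` lookup only works where Django is importable.

```python
"""Check whether a Django release falls inside the CVE-2023-31047 ranges
listed in the advisory above.  Example code added here; not Django's own."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges copied from the advisory: [lower, upper) in (major, minor, patch).
# "4.x before 4.1.9" is read as every 4.0.x and 4.1.x release below 4.1.9.
AFFECTED_RANGES = [
    ((3, 2, 0), (3, 2, 19)),
    ((4, 0, 0), (4, 1, 9)),
    ((4, 2, 0), (4, 2, 1)),
]


def parse_version(text: str) -> Version:
    """Reduce '4.1.8', '4.2' or '4.2.1.post1' to a (major, minor, patch) tuple."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) if p is not None else 0 for p in m.groups()]
    return (parts[0], parts[1], parts[2])


def is_affected(version: str) -> Optional[bool]:
    """True if the advisory lists this release as vulnerable, False if it is
    a release at or above the fix in a listed series, None if the advisory
    says nothing about that series (e.g. 3.1.x)."""
    v = parse_version(version)
    for lower, upper in AFFECTED_RANGES:
        if lower <= v < upper:
            return True
        # Same series as a fixed release and at/after the fix: not affected.
        if v[:2] == upper[:2] and v >= upper:
            return False
    return None


def installed_django_version() -> Optional[str]:
    """Return the importable Django's version string, or None if absent."""
    try:
        import django  # real API: django.get_version() exists
    except ImportError:
        return None
    return django.get_version()


if __name__ == "__main__":
    installed = installed_django_version()
    if installed is None:
        print("Django is not importable in this environment")
    else:
        verdict = is_affected(installed)
        print(f"Django {installed}: affected={verdict}")
```

Run it inside the virtualenv that serves the application; a `None` result means the advisory does not cover that series and you should consult the full Django release notes rather than assume safety.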


c-ares

The Discovery

Several important security vulnerabilities have been found in the c-ares fork of the ares library, including a 0-byte UDP payload denial of service (DoS) bug (CVE-2023-32067). With low attack complexity, no privileges or user interaction required to exploit, and a high availability impact, this flaw has received a National Vulnerability Database (NVD) base score of 7.5 out of 10 (“High” severity).


The Impact

These issues could lead to downtime due to loss of access to impacted systems.

The Fix

An important update for c-ares that mitigates these bugs has been released. We urge all impacted users to apply the c-ares updates issued by their distro(s) immediately to protect the availability of their critical systems.


ntfs-3g

The Discovery

Several buffer overflow vulnerabilities have been identified in ntfs-3g. With a low attack complexity and a high confidentiality, integrity and availability impact, these vulnerabilities have received a National Vulnerability Database (NVD) severity rating of “High”.


The Impact

These issues could allow an attacker using a maliciously crafted NTFS-formatted image file or external storage to potentially execute arbitrary privileged code or cause a denial of service (DoS) leading to system downtime and compromise.

The Fix

An ntfs-3g security update that fixes these vulnerabilities has been released. We strongly recommend that all impacted users apply the ntfs-3g updates issued by their distro(s) now to protect against attacks threatening the confidentiality, integrity and availability of their systems.
