CVE-2023-45842

Summary

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the mxsldr package.

Affected Software

VendorProductVersion RangeStatus
BuildrootBuildroot2023.08.1affected
BuildrootBuildrootdev commit 622698d7847affected

Weaknesses

  • CWE-494: CWE-494: Download of Code Without Integrity Check

ADP Enrichment

CVE Program Container

Additional References

References