CVE-2023-45842

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the mxsldr...

CVE-2023-45842

CVE-2023-45842 affects Buildroot 2023.08.1 and the dev commit 622698d7847, where data-integrity vulnerabilities in the package hash checking enable a MITM attacker to substitute compromised sources for Buildroot packages. The Talos advisory TALOS-2023-1844 documents multiple related CVEs (includi...

CVE-2023-45838

Buildroot CVE-2023-45838 affects the package hash checking for Buildroot 2023.08.1 and dev commit 622698d7847 (aufs-related). TALOS confirms multiple data integrity vulnerabilities enabling a MITM to provide compromised sources, potentially allowing arbitrary command execution in the builder. Key...

CVE-2023-45839

CVE-2023-45839 concerns Buildroot (2023.08.1 and dev commit 622698d7847) with multiple data-integrity vulnerabilities in the package hash checking, related to aufs-util. Talos confirms Buildroot is susceptible to MITM-based tampering of downloaded sources (no hash/check for certain packages), ena...

CVE-2023-45840

Summary (CVE-2023-45840): Buildroot 2023.08.1 and the dev commit 622698d7847 have data integrity vulnerabilities in the package hash checking, enabling a MITM attack to deliver compromised sources and potentially execute arbitrary commands in the builder. The Red Hat/OSV/Talos advisories describe...

CVE-2023-45841

CVE-2023-45841: Cisco Talos and Red Hat notes describe data integrity vulnerabilities in Buildroot’s package hash checking for Buildroot 2023.08.1 and the dev commit 622698d7847, enabling a MITM attacker to substitute package sources and cause arbitrary code execution during the build, with the i...

CVE-2023-45841

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the...

CVE-2023-45838

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the aufs packa...

CVE-2023-43608

CVE-2023-43608 affects Buildroot 2023.08.1 and the dev commit 622698d7847, exposing BR_NO_CHECK_HASH_FOR to MITM manipulation. A crafted attack could substitute package sources and lead to arbitrary command execution in the builder, with potential tampering of generated build outputs. Talos summa...

CVE-2023-45839

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the aufs-util...

CVE-2023-43608

A data integrity vulnerability exists in the BRNOCHECKHASHFOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder...

Buildroot Security Vulnerabilities

Buildroot is Buildroot open source set of Makefile and Patch files. It is used to simplify and automate the process of building a complete and bootable Linux environment for embedded systems. A security vulnerability exists in Buildroot version 2023.08.1 and dev commit 622698d7847, which stems fr...

Buildroot Security Vulnerabilities

Buildroot is Buildroot open source set of Makefile and Patch files. It is used to simplify and automate the process of building a complete and bootable Linux environment for embedded systems. A security vulnerability exists in Buildroot version 2023.08.1. An attacker can exploit this vulnerabilit...

Buildroot Security Vulnerabilities

Buildroot is Buildroot open source set of Makefile and Patch files. It is used to simplify and automate the process of building a complete and bootable Linux environment for embedded systems. A security vulnerability exists in Buildroot version 2023.08.1 and dev commit 622698d7847, which stems fr...

Buildroot Security Vulnerabilities

Buildroot is Buildroot open source set of Makefile and Patch files. It is used to simplify and automate the process of building a complete and bootable Linux environment for embedded systems. A security vulnerability exists in Buildroot version 2023.08.1 and dev commit 622698d7847, which stems fr...

Buildroot Security Vulnerabilities

Buildroot is Buildroot open source set of Makefile and Patch files. It is used to simplify and automate the process of building a complete and bootable Linux environment for embedded systems. A security vulnerability exists in Buildroot version 2023.08.1 and dev commit 622698d7847, which stems fr...

PT-2023-28873 · Buildroot · Buildroot

Name of the Vulnerable Software and Affected Versions: Buildroot versions 2023.08.1 and dev commit 622698d7847 Description: A data integrity issue exists in the BR NO CHECK HASH FOR functionality, allowing a specially crafted man-in-the-middle attack to lead to arbitrary command execution in the...

PT-2023-29726 · Buildroot +1 · Buildroot +1

Name of the Vulnerable Software and Affected Versions: Buildroot versions 2023.08.1 through 2023.08.1 Buildroot dev commit 622698d7847 Description: Multiple data integrity vulnerabilities exist in the package hash checking functionality. A specially crafted man-in-the-middle attack can lead to...

PT-2023-7916 · Buildroot +1 · Buildroot +1

Name of the Vulnerable Software and Affected Versions: Buildroot versions 2023.08.1 through dev commit 622698d7847 Description: Multiple data integrity vulnerabilities exist in the package hash checking functionality. A specially crafted man-in-the-middle attack can lead to arbitrary command...

Buildroot package hash checking data integrity vulnerabilities

Talos Vulnerability Report TALOS-2023-1844 Buildroot package hash checking data integrity vulnerabilities December 5, 2023 CVE Number CVE-2023-45841,CVE-2023-45842,CVE-2023-45838,CVE-2023-45839,CVE-2023-45840 SUMMARY Multiple data integrity vulnerabilities exist in the package hash checking...