Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `versal-firmware` package.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/12/11/1 | Mailing List Third Party Advisory |
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2023-12-05T11:30:10.990Z
Updated: 2023-12-05T18:00:07.696Z
Reserved: 2023-10-13T15:53:40.298Z
Link: CVE-2023-45841
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-05T12:15:43.773
Modified: 2023-12-12T01:13:22.923
Link: CVE-2023-45841
JSON object: View
Redhat Information
No data.
CWE