CVE-2023-43608

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-43608

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-43608.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-43608

Published

2023-12-05T12:15:42.467Z

Modified

2026-03-14T12:20:48.548307Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A data integrity vulnerability exists in the BRNOCHECKHASHFOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.

References

Affected packages

Git / gitlab.com/buildroot.org/buildroot

Affected ranges

Type

GIT

Repo

https://gitlab.com/buildroot.org/buildroot

Events

Introduced

Last affected

9266ab06e0ef1a448ac3f1c848bba59ec9908fbf

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2023.08.1"
        }
    ]
}

Affected versions

Other

0_0

gcc3_legacy

2009.*

2009.05

2009.05_rc1

2009.05_rc2

2009.05_rc3

2009.08

2009.08_rc1

2009.08_rc2

2009.08_rc3

2009.11

2009.11_rc1

2009.11_rc2

2010.*

2010.02

2010.02_rc1

2010.02_rc2

2010.05

2010.05_rc1

2010.05_rc2

2010.05_rc3

2010.08

2010.08_rc1

2010.08_rc2

2010.11

2010.11_rc1

2010.11_rc2

2011.*

2011.02

2011.02_rc1

2011.02_rc2

2011.05

2011.05_rc1

2011.05_rc2

2011.08

2011.08_rc1

2011.08_rc2

2011.11

2011.11_rc1

2011.11_rc2

2011.11_rc3

2012.*

2012.02

2012.02_rc1

2012.02_rc2

2012.02_rc3

2012.05

2012.05_rc1

2012.05_rc2

2012.05_rc3

2012.08

2012.08_rc1

2012.08_rc2

2012.08_rc3

2012.11

2012.11_rc1

2012.11_rc2

2013.*

2013.02

2013.02_rc1

2013.02_rc2

2013.02_rc3

2013.05

2013.05_rc1

2013.05_rc2

2013.05_rc3

2013.08

2013.08_rc1

2013.08_rc2

2013.08_rc3

2013.11

2013.11-rc2

2013.11-rc3

2013.11_rc1

2014.*

2014.02

2014.02-rc1

2014.02-rc2

2014.02-rc3

2014.05

2014.05-rc1

2014.05-rc2

2014.05-rc3

2014.08

2014.08-rc1

2014.08-rc2

2014.08-rc3

2014.11

2014.11-rc1

2014.11-rc2

2014.11-rc3

2015.*

2015.02

2015.02-rc1

2015.02-rc2

2015.02-rc3

2015.05

2015.05-rc1

2015.05-rc2

2015.05-rc3

2015.08

2015.08-rc1

2015.08-rc2

2015.11

2015.11-rc1

2015.11-rc2

2015.11-rc3

2016.*

2016.02

2016.02-rc1

2016.02-rc2

2016.02-rc3

2016.05

2016.05-rc1

2016.05-rc2

2016.05-rc3

2016.08

2016.08-rc1

2016.08-rc2

2016.08-rc3

2016.11

2016.11-rc1

2016.11-rc2

2016.11-rc3

2017.*

2017.02

2017.02-rc1

2017.02-rc2

2017.02-rc3

2017.05

2017.05-rc1

2017.05-rc2

2017.05-rc3

2017.08

2017.08-rc1

2017.08-rc2

2017.08-rc3

2017.11

2017.11-rc1

2017.11-rc2

2018.*

2018.02

2018.02-rc1

2018.02-rc2

2018.02-rc3

2018.05

2018.05-rc1

2018.05-rc2

2018.05-rc3

2018.08

2018.08-rc1

2018.08-rc2

2018.08-rc3

2018.11

2018.11-rc1

2018.11-rc2

2018.11-rc3

2019.*

2019.02

2019.02-rc1

2019.02-rc2

2019.02-rc3

2019.05

2019.05-rc1

2019.05-rc2

2019.05-rc3

2019.08

2019.08-rc1

2019.08-rc2

2019.08-rc3

2019.11

2019.11-rc1

2019.11-rc2

2019.11-rc3

2020.*

2020.02

2020.02-rc1

2020.02-rc2

2020.02-rc3

2020.05

2020.05-rc1

2020.05-rc2

2020.05-rc3

2020.08

2020.08-rc1

2020.08-rc2

2020.08-rc3

2020.11

2020.11-rc1

2020.11-rc2

2020.11-rc3

2021.*

2021.02

2021.02-rc1

2021.02-rc2

2021.02-rc3

2021.05

2021.05-rc1

2021.05-rc2

2021.05-rc3

2021.08

2021.08-rc1

2021.08-rc2

2021.08-rc3

2021.11

2021.11-rc1

2021.11-rc2

2021.11-rc3

2022.*

2022.02

2022.02-rc1

2022.02-rc2

2022.02-rc3

2022.05

2022.05-rc1

2022.05-rc2

2022.08

2022.08-rc1

2022.08-rc2

2022.11

2022.11-rc1

2022.11-rc2

2022.11-rc3

2023.*

2023.02

2023.02-rc1

2023.02-rc2

2023.02-rc3

2023.05

2023.05-rc1

2023.05-rc2

2023.05-rc3

2023.08

2023.08-rc1

2023.08-rc2

2023.08-rc3

2023.08.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-43608.json"