Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the riscv64-elf-toolchain package.
{
"cwe_ids": [
"CWE-494"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45840.json",
"cna_assigner": "talos",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "2023.08.1"
},
{
"last_affected": "2023.08.1"
},
{
"introduced": "dev commit 622698d7847"
},
{
"last_affected": "dev commit 622698d7847"
}
],
"source": "AFFECTED_FIELD"
}
]
}