CVE-2023-45840

Source
https://cve.org/CVERecord?id=CVE-2023-45840
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45840.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-45840
Published
2023-12-05T11:30:10.883Z
Modified
2026-07-15T01:48:55.023217366Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the riscv64-elf-toolchain package.

Database specific
{
    "cwe_ids": [
        "CWE-494"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/45xxx/CVE-2023-45840.json",
    "cna_assigner": "talos",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "2023.08.1"
                },
                {
                    "last_affected": "2023.08.1"
                },
                {
                    "introduced": "dev commit 622698d7847"
                },
                {
                    "last_affected": "dev commit 622698d7847"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / gitlab.com/buildroot.org/buildroot

Affected ranges

Type
GIT
Repo
https://gitlab.com/buildroot.org/buildroot
Events
Database specific
{
    "cpe": "cpe:2.3:a:buildroot:buildroot:2023.08.1:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2023.08.1"
        },
        {
            "last_affected": "2023.08.1"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

2023.*
2023.08.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45840.json"