PT-2023-29725 · Buildroot+1 · Buildroot+1

Claudio Bozzato

Publicado

2023-12-05

Atualizado

2023-12-12

CVE-2023-45839

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Buildroot versions 2023.08.1 through dev commit 622698d7847

Description Multiple data integrity vulnerabilities exist in the package hash checking functionality. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This issue is related to the aufs-util package.

Recommendations For Buildroot version 2023.08.1, consider disabling the package hash checking functionality until a patch is available. For Buildroot dev commit 622698d7847, restrict access to the aufs-util package to minimize the risk of exploitation. As a temporary workaround, avoid using the package hash checking functionality in the builder until the issue is resolved.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-494

Identificadores relacionados

CVE-2023-45839

Produtos afetados

Buildroot

Aufs-Util

PT-2023-29725 · Buildroot+1 · Buildroot+1

CVE-2023-45839

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9