CVE-2023-45842

Name of the Vulnerable Software and Affected Versions Buildroot versions 2023.08.1 through 2023.08.1 Buildroot dev commit 622698d7847

Description Multiple data integrity vulnerabilities exist in the package hash checking functionality. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This issue is related to the mxsldr package.

Recommendations For Buildroot version 2023.08.1, consider updating to a newer version that addresses the package hash checking functionality vulnerabilities. For Buildroot dev commit 622698d7847, as a temporary workaround, consider restricting the use of the mxsldr package until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.