PT-2023-28873 · Buildroot · Buildroot
Claudio Bozzato +1 · Published 2023-12-05 · Updated 2023-12-11 · CVE-2023-43608
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Buildroot versions 2023.08.1 and dev commit 622698d7847
Description
A data integrity issue exists in the BR_NO_CHECK_HASH_FOR functionality. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.
Recommendations
For Buildroot version 2023.08.1, consider disabling the BR_NO_CHECK_HASH_FOR functionality until a patch is available.
For dev commit 622698d7847, restrict access to the builder to minimize the risk of exploitation.
As a temporary workaround, avoid using the BR_NO_CHECK_HASH_FOR functionality in the builder until the issue is resolved.
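To act on the recommendations, a maintainer first needs to know where a tree relies on BR_NO_CHECK_HASH_FOR. The audit below is an added example, not part of the original advisory and not Buildroot's own code. It assumes the exemptions are assigned in *.mk files; the sample makefile and the function names are constructed for illustration.

```python
import re
from pathlib import Path

# Assignment forms make accepts: "=", "+=", ":=", "?=".
ASSIGN = re.compile(r"^\s*BR_NO_CHECK_HASH_FOR\s*(\+=|:=|\?=|=)\s*(.*)$")

def logical_lines(text):
    """Yield (first_line_number, joined_line), folding backslash continuations."""
    buf, start = "", 0
    for num, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = num
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf = ""
    if buf:
        yield start, buf

def find_hash_exemptions(text):
    """Return [(line_number, [exempted values])] for one makefile's text."""
    hits = []
    for num, line in logical_lines(text):
        line = line.split("#", 1)[0]  # drop make comments
        m = ASSIGN.match(line)
        if m:
            hits.append((num, m.group(2).split()))
    return hits

def audit_tree(root):
    """Scan *.mk files under root (assumed location of the assignments)."""
    report = {}
    for mk in sorted(Path(root).rglob("*.mk")):
        hits = find_hash_exemptions(mk.read_text(errors="replace"))
        if hits:
            report[str(mk)] = hits
    return report

# Constructed sample, not taken from any real Buildroot package.
SAMPLE_MK = """\
EXAMPLEPKG_SOURCE = examplepkg-1.0.tar.gz
# BR_NO_CHECK_HASH_FOR += commented-out.tar.gz
BR_NO_CHECK_HASH_FOR += $(EXAMPLEPKG_SOURCE) \\
    examplepkg-extra.patch
"""
if __name__ == "__main__":
    for num, values in find_hash_exemptions(SAMPLE_MK):
        print(f"line {num}: hash check skipped for {values}")
```

Each reported entry is a download whose integrity is not verified by hash, so those are the packages to review first when applying the workaround.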
Affected Products
Buildroot