CVE-2023-45840

Name of the Vulnerable Software and Affected Versions Buildroot versions 2023.08.1 through 2023.08.1 Buildroot dev commit 622698d7847

Description Multiple data integrity vulnerabilities exist in the package hash checking functionality. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This issue is related to the riscv64-elf-toolchain package.

Recommendations For Buildroot version 2023.08.1, consider updating to a newer version that addresses the package hash checking functionality issue. For Buildroot dev commit 622698d7847, as a temporary workaround, consider restricting the use of the riscv64-elf-toolchain package until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.