CVE-2023-45838

Name of the Vulnerable Software and Affected Versions Buildroot versions 2023.08.1 through dev commit 622698d7847

Description Multiple data integrity vulnerabilities exist in the package hash checking functionality. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This issue is related to the aufs package. The vulnerability can be exploited by a remote attacker to perform a man-in-the-middle attack.

Recommendations For Buildroot versions 2023.08.1 through dev commit 622698d7847, consider disabling the aufs package as a temporary workaround until a patch is available. Restrict access to the package hash checking functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.