{"id":"CVE-2023-45841","details":"Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. This vulnerability is related to the `versal-firmware` package.","modified":"2026-04-12T07:21:15.593561Z","published":"2023-12-05T12:15:43.773Z","references":[{"type":"WEB","url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1844"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2023/12/11/1"},{"type":"EVIDENCE","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/buildroot.org/buildroot","events":[{"introduced":"0"},{"last_affected":"9266ab06e0ef1a448ac3f1c848bba59ec9908fbf"}],"database_specific":{"cpe":"cpe:2.3:a:buildroot:buildroot:2023.08.1:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"2023.08.1"}]}}],"versions":["0_0","2009.05","2009.05_rc1","2009.05_rc2","2009.05_rc3","2009.08","2009.08_rc1","2009.08_rc2","2009.08_rc3","2009.11","2009.11_rc1","2009.11_rc2","2010.02","2010.02_rc1","2010.02_rc2","2010.05","2010.05_rc1","2010.05_rc2","2010.05_rc3","2010.08","2010.08_rc1","2010.08_rc2","2010.11","2010.11_rc1","2010.11_rc2","2011.02","2011.02_rc1","2011.02_rc2","2011.05","2011.05_rc1","2011.05_rc2","2011.08","2011.08_rc1","2011.08_rc2","2011.11","2011.11_rc1","2011.11_rc2","2011.11_rc3","2012.02","2012.02_rc1","2012.02_rc2","2012.02_rc3","2012.05","2012.05_rc1","2012.05_rc2","2012.05_rc3","2012.08","2012.08_rc1","2012.08_rc2","2012.08_rc3","2012.11","2012.11_rc1","2012.11_rc2","2013.02","2013.02_rc1","2013.02_rc2","2013.02_rc3","2013.05","2013.05_rc1","2013.05_rc2","2013.05_rc3","2013.08","2013.08_rc1","2013.08_rc2","2013.08_rc3","2013.11","2013.11-rc2","2013.11-rc3","2013.11_rc1","2014.02","2014.02-rc1","2014.
02-rc2","2014.02-rc3","2014.05","2014.05-rc1","2014.05-rc2","2014.05-rc3","2014.08","2014.08-rc1","2014.08-rc2","2014.08-rc3","2014.11","2014.11-rc1","2014.11-rc2","2014.11-rc3","2015.02","2015.02-rc1","2015.02-rc2","2015.02-rc3","2015.05","2015.05-rc1","2015.05-rc2","2015.05-rc3","2015.08","2015.08-rc1","2015.08-rc2","2015.11","2015.11-rc1","2015.11-rc2","2015.11-rc3","2016.02","2016.02-rc1","2016.02-rc2","2016.02-rc3","2016.05","2016.05-rc1","2016.05-rc2","2016.05-rc3","2016.08","2016.08-rc1","2016.08-rc2","2016.08-rc3","2016.11","2016.11-rc1","2016.11-rc2","2016.11-rc3","2017.02","2017.02-rc1","2017.02-rc2","2017.02-rc3","2017.05","2017.05-rc1","2017.05-rc2","2017.05-rc3","2017.08","2017.08-rc1","2017.08-rc2","2017.08-rc3","2017.11","2017.11-rc1","2017.11-rc2","2018.02","2018.02-rc1","2018.02-rc2","2018.02-rc3","2018.05","2018.05-rc1","2018.05-rc2","2018.05-rc3","2018.08","2018.08-rc1","2018.08-rc2","2018.08-rc3","2018.11","2018.11-rc1","2018.11-rc2","2018.11-rc3","2019.02","2019.02-rc1","2019.02-rc2","2019.02-rc3","2019.05","2019.05-rc1","2019.05-rc2","2019.05-rc3","2019.08","2019.08-rc1","2019.08-rc2","2019.08-rc3","2019.11","2019.11-rc1","2019.11-rc2","2019.11-rc3","2020.02","2020.02-rc1","2020.02-rc2","2020.02-rc3","2020.05","2020.05-rc1","2020.05-rc2","2020.05-rc3","2020.08","2020.08-rc1","2020.08-rc2","2020.08-rc3","2020.11","2020.11-rc1","2020.11-rc2","2020.11-rc3","2021.02","2021.02-rc1","2021.02-rc2","2021.02-rc3","2021.05","2021.05-rc1","2021.05-rc2","2021.05-rc3","2021.08","2021.08-rc1","2021.08-rc2","2021.08-rc3","2021.11","2021.11-rc1","2021.11-rc2","2021.11-rc3","2022.02","2022.02-rc1","2022.02-rc2","2022.02-rc3","2022.05","2022.05-rc1","2022.05-rc2","2022.08","2022.08-rc1","2022.08-rc2","2022.11","2022.11-rc1","2022.11-rc2","2022.11-rc3","2023.02","2023.02-rc1","2023.02-rc2","2023.02-rc3","2023.05","2023.05-rc1","2023.05-rc2","2023.05-rc3","2023.08","2023.08-rc1","2023.08-rc2","2023.08-rc3","2023.08.1","gcc3_legacy"],"database_specific":{"source":"
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-45841.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}