CVE-2023-43608
HIGHBuildroot 2023.08.1 and dev commit 622698d7847 - Arbitrary Command Execution via BR_NO_CHECK_HASH_FOR
Title source: llmDescription
A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.
References (3)
Core 3
Core References
Patch, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/12/11/1
Exploit, Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1845
Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1845
Scores
CVSS v3
8.1
EPSS
0.0082
EPSS Percentile
52.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-494
Status
published
Products (1)
buildroot/buildroot
2023.08.1
Published
Dec 05, 2023
Tracked Since
Feb 18, 2026