Multiple data integrity vulnerabilities exist in the...
High severity
Unreviewed
Published
Dec 5, 2023
to the GitHub Advisory Database
•
Updated Dec 12, 2023
Description
Published by the National Vulnerability Database
Dec 5, 2023
Published to the GitHub Advisory Database
Dec 5, 2023
Last updated
Dec 12, 2023
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the
riscv64-elf-toolchain
package.References