Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `versal-firmware` package.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
下载代码缺少完整性检查
Vulnerability Title
Buildroot 安全漏洞
Vulnerability Description
Buildroot是Buildroot开源的一组 Makefile 和 Patch 文件。用来简化和自动化为嵌入式系统建造一个完整和可引导的 Linux 环境的过程。 Buildroot 2023.08.1版本和dev commit 622698d7847版本存在安全漏洞,该漏洞源于hash checking功能存在数据完整性漏洞。攻击者可利用漏洞执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A