National Cyber Warfare Foundation (NCWF) Forums


CVE-2023-46324
0 user ratings		2023-10-23 05:10:41
milo
CVEs
 - archive -- 
pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key.

CVE-2023-46324
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46324
pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key.
2023-10-23T01:15:07Z

Source: CVEAnnouncements
Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46324

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
CVEs


Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.