CVE-2023-46324 in udminfo

Zusammenfassung

von MITRE • 25.10.2023

pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservieren

23.10.2023

Veröffentlichung

25.10.2023

Moderieren

akzeptiert

Eintrag

VDB-243142

CPE

bereit

EPSS

0.00408

KEV

nein

Aktivitäten

very low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!