CVE-2023-46324

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key.

Vendor	n/a
Product	n/a
Published	Oct 23, 2023
Last Updated	Aug 2, 2024

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new unknown vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/free5gc/udm/pull/20 github.com: https://github.com/free5gc/udm/compare/v1.1.1...v1.2.0 gsma.com: https://www.gsma.com/security/wp-content/uploads/2023/10/0073-invalid_curve.pdf