High severityNVD Advisory· Published Oct 23, 2023· Updated Aug 2, 2024
CVE-2023-46324
CVE-2023-46324
Description
pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/free5gc/udmGo | < 1.2.0 | 1.2.0 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-cqvv-r3g3-26rfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-46324ghsaADVISORY
- github.com/free5gc/udm/commit/5e1479cc686f058992557669b13fd3761a1b6024ghsaWEB
- github.com/free5gc/udm/compare/v1.1.1...v1.2.0ghsaWEB
- github.com/free5gc/udm/pull/20ghsaWEB
- www.gsma.com/security/wp-content/uploads/2023/10/0073-invalid_curve.pdfghsaWEB
News mentions
0No linked articles in our index yet.