CVE-2023-46324 — free5GC udm vulnerable to Invalid Curve Attack

Description

pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key.

How to fix CVE-2023-46324

To remediate CVE-2023-46324, upgrade the affected package to a fixed version below.

—upgrade to 1.2.0 or later

Is CVE-2023-46324 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.2.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-46324
PATCHgithub.com/free5gc/udm
WEBgithub.com/free5gc/udm/commit/5e1479cc686f058992557669b13fd3761a1b6024
WEBgithub.com/free5gc/udm/compare/v1.1.1...v1.2.0
WEB