Alpine Linux Development TeamALPINE:CVE-2023-49292CVE-2023-49292
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
7.2 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.6%
ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.19-community | noarch | go | = 1.21.10-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | go | = 1.22.4-r0 | UNKNOWN |
| Alpine | edge-community | noarch | go | = 1.22.4-r1 | UNKNOWN |
Related
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
7.2 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.6%