CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when...

5.5CVSS6.3AI score0.00154EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 3:57 a.m.•6 views

CVE-2023-46324

pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its...

7.5CVSS6.8AI score0.0007EPSS

Exploits0

Rosalinux•added 2024/06/27 10:51 a.m.•36 views

Advisory ROSA-SA-2024-2438

Software: opencryptoki 3.14.0 OS: ROSA Virtualization 2.1 packageevrstring: opencryptoki-3.14.0 CVE-ID: CVE-2021-3798 BDU-ID: CVE-Crit: MEDIUM. CVE-DESC.: The openCryptoki software token does not check if the EC key is valid when the EC key is created with CCreateObject and when CDeriveKey is use...

5.5CVSS6.8AI score0.00154EPSS

Exploits0

Veracode•added 2023/10/24 3:5 a.m.•22 views

Invalid Curve Attack

github.com/free5gc/udm is vulnerable to Invalid Curve Attack. The vulnerability exists in the profileB function at suci.go due to lack of validation if a point on the curve is valid which allows an attacker to send arbitrary SUCIs to the UDM which will then be decrypted...

7.5CVSS7AI score0.0007EPSS

Exploits0References5Affected Software1

OSV•added 2023/10/23 3:30 a.m.•78 views

GHSA-CQVV-R3G3-26RF free5GC udm vulnerable to Invalid Curve Attack

7.5CVSS7.5AI score0.0007EPSS

Exploits0References6

Github Security Blog•added 2023/10/23 3:30 a.m.•28 views

free5GC udm vulnerable to Invalid Curve Attack

7.5CVSS6.8AI score0.0007EPSS

Exploits0References6Affected Software1

NVD•added 2023/10/23 1:15 a.m.•9 views

CVE-2023-46324

7.5CVSS7.5AI score0.0007EPSS

Exploits0References3

ATTACKERKB•added 2023/10/23 1:15 a.m.•2 views

CVE-2023-46324

7.5CVSS5.9AI score0.0007EPSS

Exploits0References4

OSV•added 2023/10/23 1:15 a.m.•19 views

CVE-2023-46324

7.5CVSS7.1AI score

Exploits0References3

Prion•added 2023/10/23 1:15 a.m.•21 views

Code injection

5CVSS7.5AI score0.0007EPSS

Exploits0References3Affected Software1

CNNVD•added 2023/10/23 12:0 a.m.•1 views

free5GC Data Forgery Issue Vulnerability

free5GC is an open source project for 5th Generation 5G mobile core networks open sourced by free5GC. A security vulnerability exists in free5GC udm versions prior to 1.2.0, which stems from a problem in pkg/suci/suci.go that allows an invalid curve attack when using Go prior to 1.19. An attacker...

7.5CVSS6.7AI score0.0007EPSS

Exploits0References3

Cvelist•added 2023/10/23 12:0 a.m.•13 views

CVE-2023-46324

7.7AI score0.0007EPSS

Exploits0References3

CVE•added 2023/10/23 12:0 a.m.•65 views

CVE-2023-46324

CVE-2023-46324 affects free5GC UDM before 1.2.0. The vulnerability in pkg/suci/suci.go arises when using Go

7.5CVSS7.4AI score0.0007EPSS

Exploits0References3Affected Software1

SUSE CVE•added 2023/02/15 3:48 a.m.•3 views

SUSE CVE-2021-3798

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...

5.5CVSS8.8AI score0.00154EPSS

Exploits0References3

Microsoft CVE•added 2022/08/30 7:0 a.m.•2 views

A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.

...

5.5CVSS5.9AI score0.00154EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by