Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
free5GC 数据伪造问题漏洞
Vulnerability Description
free5GC是free5GC开源的一个第 5 代 (5G) 移动核心网络的开源项目。 free5GC udm 1.2.0 之前版本存在安全漏洞,该漏洞源于pkg/suci/suci.go存在问题,当使用 1.19 之前的 Go 时,允许无效曲线攻击, 攻击者利用该漏洞可以向 UDM 发送任意 SUCI,UDM 会尝试通过其私钥和攻击者的公钥对其进行解密。
CVSS Information
N/A
Vulnerability Type
N/A