Home > Vulnerability Database > CVE-2023-49292

Mend.io Vulnerability Database

CVE-2023-49292

Good to know:

Date: December 4, 2023

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade.

Language: Go

Severity Score

4.8

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-49292

Url: https://github.com/ashutosh1206/Crypton/blob/master/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/README.md

Url: https://github.com/ecies/go/security/advisories/GHSA-8j98-cjfr-qx3h

Url: https://github.com/ecies/go/releases/tag/v2.0.8

Url: https://github.com/ecies/go/commit/c6e775163866d6ea5233eb8ec8530a9122101ebd

Url: https://www.mend.io/vulnerability-database/CVE-2023-49292

Severity Score

4.8

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version v2.0.8

Learn More

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-49292

Good to know:

Date: December 4, 2023

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?