CVE-2026-3338

High CVSS: 8.7

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.

Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

Vendor

Amazon

Product

Aws-lc-sys

CWE

CWE-347

Yayın Tarihi

2026-03-02 22:16:32

Güncelleme

2026-03-11 16:54:59

Source Identifier

ff89ba41-3aa1-4d27-914a-91399e9639e5

KEV Date Added

Kategoriler

CWE-347 Aws-lc-sys HIGH Amazon 2026

Referanslar

https://aws.amazon.com/security/security-bulletins/2026-005-AWS/ https://github.com/aws/aws-lc/releases/tag/v1.69.0 https://github.com/aws/aws-lc/security/advisories/GHSA-jchq-39cv-q4wj

Benzer Kayıtlar

High

CVE-2026-3337

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine au…

High

CVE-2026-3336

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain v…

Medium

CVE-2026-1386

A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on L…

High

CVE-2025-14503

An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account…

High

CVE-2025-9624

A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string input…

High

CVE-2025-62371

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSe…