Aws Aws-lc
4 CVEs affecting Aws Aws-lc. Latest disclosed: 2026-03-19. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-3338 | High | 7.5 | 2026-03-02 | Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Au… |
CVE-2026-3336 | High | 7.5 | 2026-03-02 | Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objec… |
CVE-2026-4428 | High | 7.4 | 2026-03-19 | A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a… |
CVE-2026-3337 | Medium | 5.9 | 2026-03-02 | Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing an… |