Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: aws-lc

Found 4 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-4428
7.4 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
created 3 days, 4 hours ago
CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.

References

Affected products

AWS-LC
  • <1.71.0
AWS-LC-FIPS
  • <3.3.0

Matching in nixpkgs

Package maintainers

Published
Permalink CVE-2026-3336
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 2 weeks, 5 days ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 6 days ago
  • @LeSuisse accepted 2 weeks, 5 days ago
  • @LeSuisse published on GitHub 2 weeks, 5 days ago
PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

References

Affected products

AWS-LC
  • <1.69.0

Matching in nixpkgs

Package maintainers

Upstream advisory: https://github.com/aws/aws-lc/security/advisories/GHSA-cfwj-9wp5-wqvp
Published
Permalink CVE-2026-3337
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 2 weeks, 5 days ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 6 days ago
  • @LeSuisse accepted 2 weeks, 5 days ago
  • @LeSuisse published on GitHub 2 weeks, 5 days ago
Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

References

Affected products

AWS-LC
  • <1.69.0
AWS-LC-FIPS
  • <3.2.0

Matching in nixpkgs

Package maintainers

Upstream advisory: https://github.com/aws/aws-lc/security/advisories/GHSA-frmv-5gcm-jwxh
Published
Permalink CVE-2026-3338
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 2 weeks, 5 days ago by @LeSuisse Activity log
  • Created automatic suggestion 2 weeks, 6 days ago
  • @LeSuisse accepted 2 weeks, 5 days ago
  • @LeSuisse published on GitHub 2 weeks, 5 days ago
PKCS7_verify Signature Validation Bypass in AWS-LC

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

References

Affected products

AWS-LC
  • <1.69.0

Matching in nixpkgs

Package maintainers

Upstream advisory: https://github.com/aws/aws-lc/security/advisories/GHSA-jchq-39cv-q4wj