Nixpkgs security tracker

Permalink CVE-2026-4428

7.4 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

created 2 months ago Activity log

Created suggestion 2 months ago

CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.

References

https://aws.amazon.com/security/security-bulletins/2026-010-AWS/ vendor-advisory
https://github.com/aws/aws-lc/releases/tag/v1.71.0 patch

Affected products

AWS-LC

<1.71.0

AWS-LC-FIPS

<3.3.0

Matching in nixpkgs

pkgs.aws-lc

General-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers

nixos-unstable 1.69.0
- nixpkgs-unstable 1.69.0
- nixos-unstable-small 1.69.0
nixos-25.11 1.65.0
- nixos-25.11-small 1.65.0
- nixpkgs-25.11-darwin 1.65.0

Package maintainers

@theoparis Theo Paris <theo@tinted.dev>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.aws-lc

Package maintainers