Suggestions search

Published

Filter by:

With package: aws-lc

Found 3 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-3336

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 6 days ago
@LeSuisse accepted 2 weeks, 6 days ago
@LeSuisse published on GitHub 2 weeks, 6 days ago

PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

References

https://aws.amazon.com/security/security-bulletins/2026-005-AWS/ vendor-advisory
https://github.com/aws/aws-lc/releases/tag/v1.69.0 patch
https://github.com/aws/aws-lc/security/advisories/GHSA-cfwj-9wp5-wqvp third-party-advisory

Affected products

AWS-LC

<1.69.0

Matching in nixpkgs

pkgs.aws-lc

General-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers

nixos-unstable 1.67.0
- nixpkgs-unstable 1.67.0
- nixos-unstable-small 1.67.0
nixos-25.11 1.65.0
- nixos-25.11-small 1.65.0
- nixpkgs-25.11-darwin 1.65.0

Package maintainers

@theoparis Theo Paris <theo@tinted.dev>

Upstream advisory: https://github.com/aws/aws-lc/security/advisories/GHSA-cfwj-9wp5-wqvp

Permalink CVE-2026-3337

5.9 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 6 days ago
@LeSuisse accepted 2 weeks, 6 days ago
@LeSuisse published on GitHub 2 weeks, 6 days ago

Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

References

https://aws.amazon.com/security/security-bulletins/2026-005-AWS/ vendor-advisory
https://github.com/aws/aws-lc/releases/tag/v1.69.0 patch
https://github.com/aws/aws-lc/security/advisories/GHSA-frmv-5gcm-jwxh third-party-advisory

Affected products

AWS-LC

<1.69.0

AWS-LC-FIPS

<3.2.0

Matching in nixpkgs

pkgs.aws-lc

General-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers

nixos-unstable 1.67.0
- nixpkgs-unstable 1.67.0
- nixos-unstable-small 1.67.0
nixos-25.11 1.65.0
- nixos-25.11-small 1.65.0
- nixpkgs-25.11-darwin 1.65.0

Package maintainers

@theoparis Theo Paris <theo@tinted.dev>

Upstream advisory: https://github.com/aws/aws-lc/security/advisories/GHSA-frmv-5gcm-jwxh

Permalink CVE-2026-3338

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 2 weeks, 6 days ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 6 days ago
@LeSuisse accepted 2 weeks, 6 days ago
@LeSuisse published on GitHub 2 weeks, 6 days ago

PKCS7_verify Signature Validation Bypass in AWS-LC

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

References

https://aws.amazon.com/security/security-bulletins/2026-005-AWS/ vendor-advisory
https://github.com/aws/aws-lc/releases/tag/v1.69.0 patch
https://github.com/aws/aws-lc/security/advisories/GHSA-jchq-39cv-q4wj third-party-advisory

Affected products

AWS-LC

<1.69.0

Matching in nixpkgs

pkgs.aws-lc

General-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers

nixos-unstable 1.67.0
- nixpkgs-unstable 1.67.0
- nixos-unstable-small 1.67.0
nixos-25.11 1.65.0
- nixos-25.11-small 1.65.0
- nixpkgs-25.11-darwin 1.65.0

Package maintainers

@theoparis Theo Paris <theo@tinted.dev>

Upstream advisory: https://github.com/aws/aws-lc/security/advisories/GHSA-jchq-39cv-q4wj