Description
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.
Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
References
- Vendor Advisory
- Release Notes
- Vendor Advisory
Vulnerable configurations
Configuration 1
- Version from 0.24.0 (inclusive) to 0.38.0 (exclusive)
- Version from 1.41.0 (inclusive) to 1.69.0 (exclusive)
One of
cpe:2.3:a:amazon:aws-lc-sys:*:*:*:*:*:rust:*:*
cpe:2.3:a:amazon:aws_libcrypto:*:*:*:*:*:*:*:*
EPSS: 0.0001 (Low), percentile: 1%
CVSS3: 7.5 High
Weaknesses
CWE-295
Related vulnerabilities
CVSS3: 7.5
redhat
24 days ago
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.