Описание
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.
Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
Ссылки
- Vendor Advisory
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.24.0 (включая) до 0.38.0 (исключая)Версия от 1.41.0 (включая) до 1.69.0 (исключая)
Одно из
cpe:2.3:a:amazon:aws-lc-sys:*:*:*:*:*:rust:*:*
cpe:2.3:a:amazon:aws_libcrypto:*:*:*:*:*:*:*:*
EPSS
Процентиль: 1%
0.0001
Низкий
7.5 High
CVSS3
Дефекты
CWE-347
Связанные уязвимости
CVSS3: 7.5
redhat
24 дня назад
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
EPSS
Процентиль: 1%
0.0001
Низкий
7.5 High
CVSS3
Дефекты
CWE-347