Описание
A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks.
To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.
EPSS
Процентиль: 6%
0.00022
Низкий
7.4 High
CVSS3
Дефекты
CWE-299
Связанные уязвимости
CVSS3: 5.9
redhat
21 день назад
A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.
EPSS
Процентиль: 6%
0.00022
Низкий
7.4 High
CVSS3
Дефекты
CWE-299