exploitDog

CVE-2026-3338

Published: 02 Mar 2026
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

A flaw was found in AWS-LC. An unauthenticated user can bypass signature verification when processing PKCS7 objects with Authenticated Attributes due to improper signature validation in the PKCS7_verify() function. This vulnerability allows an attacker to potentially compromise the integrity of signed data.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | Status | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-monitor-rhel9 | Affected | | |
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-operator-bundle | Affected | | |
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-podvm-builder-rhel9 | Affected | | |
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-podvm-payload-rhel9 | Affected | | |
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-rhel9-operator | Affected | | |
| Red Hat Enterprise Linux 10 | clevis-pin-trustee | Will not fix | | |
| Red Hat Enterprise Linux 10 | trustee | Will not fix | | |
| Red Hat Enterprise Linux 10 | virt-firmware-rs | Not affected | | |
| Red Hat Enterprise Linux 9 | clevis-pin-trustee | Affected | | |
| Red Hat OpenShift Container Platform 4 | kata-containers | Affected | | |

Additional information

Status: Important
Defect: CWE-347
https://bugzilla.redhat.com/show_bug.cgi?id=2444025
aws-lc: AWS-LC: Signature bypass due to improper validation in PKCS7_verify()

EPSS

Percentile: 1%
0.0001
Low

CVSS3

7.5 High

Related vulnerabilities

CVSS3: 7.5
nvd
24 days ago

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

msrc
22 days ago

PKCS7_verify Signature Validation Bypass in AWS-LC
