Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-4428

Опубликовано: 19 мар. 2026
Источник: redhat
CVSS3: 5.9
EPSS Низкий

Описание

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.

A flaw was found in AWS-LC, a cryptographic library. A logic error in how the library validates Certificate Revocation List (CRL) distribution points can cause legitimate partitioned CRLs to be incorrectly rejected. This allows a revoked certificate to bypass certificate revocation checks, potentially leading to the acceptance of invalid or compromised certificates and compromising system security.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Confidential Compute Attestationopenshift-sandboxed-containers/osc-monitor-rhel9Fix deferred
Confidential Compute Attestationopenshift-sandboxed-containers/osc-operator-bundleFix deferred
Confidential Compute Attestationopenshift-sandboxed-containers/osc-podvm-builder-rhel9Fix deferred
Confidential Compute Attestationopenshift-sandboxed-containers/osc-podvm-payload-rhel9Fix deferred
Confidential Compute Attestationopenshift-sandboxed-containers/osc-rhel9-operatorFix deferred
OpenShift Lightspeedopenshift-lightspeed/lightspeed-service-api-rhel9Fix deferred
Red Hat Enterprise Linux 10clevis-pin-trusteeFix deferred
Red Hat Enterprise Linux 10trusteeFix deferred
Red Hat Enterprise Linux 10virt-firmware-rsFix deferred
Red Hat Enterprise Linux 9clevis-pin-trusteeFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=2449205AWS-LC: AWS-LC: Security bypass allows revoked certificates to be accepted due to CRL validation error

EPSS

Процентиль: 6%
0.00022
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2026-4428

CVSS3: 7.4
nvd
21 день назад

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.

EPSS

Процентиль: 6%
0.00022
Низкий

5.9 Medium

CVSS3