GCVE - cpe:2.3:a:aws:aws-lc:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:aws:aws-lc:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Aws (`e6707f00-6abb-51df-808c-9e3417305027`)
Product	Aws Lc (`df616221-b90e-5b62-95b7-56794201585d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-4428`	vulnerable	2026-06-03 15:26:25.466000	CRL Distribution Point Scope Check Logic Error in AWS-LC HIGH (7.4) A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0. Published: 2026-03-19T20:37:53.851Z Updated: 2026-03-25T14:13:42.572Z Open on db.gcve.eu Reference links https://aws.amazon.com/security/security-bulletins/2026-010-AWS/ https://github.com/aws/aws-lc/releases/tag/v1.71.0	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3338`	vulnerable	2026-06-03 15:23:32.153308	PKCS7_verify Signature Validation Bypass in AWS-LC HIGH (7.5) Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. Published: 2026-03-02T21:22:41.954Z Updated: 2026-03-03T14:39:48.768Z Open on db.gcve.eu Reference links https://aws.amazon.com/security/security-bulletins/2026-005-AWS/ https://github.com/aws/aws-lc/releases/tag/v1.69.0 https://github.com/aws/aws-lc/security/advisories/GHSA-jchq-39cv-q4wj	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3337`	vulnerable	2026-06-03 15:23:32.144666	Timing Side-Channel in AES-CCM Tag Verification in AWS-LC MEDIUM (5.9) Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. Published: 2026-03-02T21:20:08.532Z Updated: 2026-03-03T20:04:27.577Z Open on db.gcve.eu Reference links https://aws.amazon.com/security/security-bulletins/2026-005-AWS/ https://github.com/aws/aws-lc/releases/tag/v1.69.0 https://github.com/aws/aws-lc/security/advisories/GHSA-frmv-5gcm-jwxh	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3336`	vulnerable	2026-06-03 15:23:32.138592	PKCS7_verify Certificate Chain Validation Bypass in AWS-LC HIGH (7.5) Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. Published: 2026-03-02T21:15:16.709Z Updated: 2026-03-03T20:05:26.157Z Open on db.gcve.eu Reference links https://aws.amazon.com/security/security-bulletins/2026-005-AWS/ https://github.com/aws/aws-lc/releases/tag/v1.69.0 https://github.com/aws/aws-lc/security/advisories/GHSA-cfwj-9wp5-wqvp	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.