CVE-2026-3338
- EPSS 0.01%
- Veröffentlicht 02.03.2026 21:22:41
- Zuletzt bearbeitet 11.03.2026 16:54:59
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applicatio...
CVE-2026-3337
- EPSS 0.03%
- Veröffentlicht 02.03.2026 21:20:08
- Zuletzt bearbeitet 11.03.2026 17:14:55
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, E...
CVE-2026-3336
- EPSS 0.01%
- Veröffentlicht 02.03.2026 21:15:16
- Zuletzt bearbeitet 11.03.2026 17:16:00
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need t...