3 matches found
CVE-2026-3338
The vulnerability CVE-2026-3338 arises from improper signature validation in PKCS7_verify() within the AWS-LC library, allowing an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Affected component: AWS-LC. Root cause: flawed sign...
CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...
CVE-2026-3336
This CVE affects AWS-LC: improper certificate validation in PKCS7_verify() can bypass certificate chain verification for PKCS7 objects with multiple signers (excluding the final signer). Impact is high (integrity risk) with network attack potential. AWS customers are not required to act, but appl...