156 matches found
EUVD-2026-23943
AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache...
AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache
Summary AWS Encryption SDK ESDK for Python is a client-side encryption library. An issue exists where, under certain circumstances, a specific cryptographic algorithm downgrade in the caching layer might allow an authenticated local threat actor to bypass key commitment policy enforcement via a...
GHSA-V638-38FC-RHFV AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache
Summary AWS Encryption SDK ESDK for Python is a client-side encryption library. An issue exists where, under certain circumstances, a specific cryptographic algorithm downgrade in the caching layer might allow an authenticated local threat actor to bypass key commitment policy enforcement via a...
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Overview aws-encryption-sdk is an AWS Encryption SDK implementation for Python Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' via the shared key cache. An attacker can bypass key commitment policy enforcement by...
CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python
Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...
CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python
Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...
CVE-2026-6550
The vulnerability CVE-2026-6550 affects the AWS Encryption SDK for Python in its caching layer. A cryptographic downgrade in the key cache could allow an authenticated local actor to bypass key commitment policy enforcement, enabling ciphertext to be decrypted into multiple possible plaintexts. A...
SP1 V6 Recursion Circuit Row-Count Binding Gap
Summary A soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof that the native verifier would reject. - Affected versions: = 6.0.0, = 6.0.2 - Not affected: SP1 V5 all versions - Severity: High Details Background...
Missing Cryptographic Key Commitment
aws-sdk-s3 is vulnerable to Missing Cryptographic Key Commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of S3 metadata, which allows an attacker with write access to the S3 bucket to introduce a malicious EDK that decrypts ...
Missing Cryptographic Key Commitment
aws/aws-sdk-php is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper handling of encrypted data keys when stored in instruction files instead of S3 metadata, which allows an attacker with write access to the S3 bucket to introduce a malicious EDK that decryp...
Missing Cryptographic Key Commitment
github.com/aws/amazon-s3-encryption-client-go is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of metadata, which allows an attacker with write access to the S3 bucket to introduc...
Missing Cryptographic Key Commitment
software.amazon.encryption.s3, amazon-s3-encryption-client-java is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of metadata, which allows an attacker with write access to the S3...
Missing Cryptographic Key Commitment
Amazon.Extensions.S3.Encryption is vulnerable to Missing Cryptographic Key Commitment. The vulnerability is due to lack of cryptographic key commitment when storing encrypted data keys in instruction files instead of S3 metadata, which allows an attacker with write access to the bucket to introdu...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in aws-sdk-s3-1.199.0.gem
Summary IBM Watson Discovery Cartridge affected by vulnerability in aws-sdk-s3-1.199.0.gem Vulnerability Details CVEID:CVE-2025-14762 DESCRIPTION: Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts ...
kernel: Linux kernel: Data corruption and system instability due to improper io_uring/net buffer handling
A flaw was found in the Linux kernel's iouring/net component. This vulnerability arises when ring provided buffers are partially committed during network operations, particularly when MSGWAITALL is enabled or with streaming sockets. A local attacker could exploit this by causing multiple socket...
Stella_JRPG_POC
Stella JRPG POC Goal: a small proof-of-concept for a 4-phase J...
Amazon S3 Encryption Client for Java < 4.0.0 Key Commitment (AWS-2025-032)
The version of Amazon S3 Encryption Client for Java on the remote host is 4.0.0. It is, therefore, affected by a key commitment vulnerability as referenced in the AWS-2025-032 advisory. Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write...
SUSE CVE-2025-14764
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...
GO-2025-4250 Amazon S3 Encryption Client has a Key Commitment Issue in github.com/aws/amazon-s3-encryption-client-go
Amazon S3 Encryption Client has a Key Commitment Issue in github.com/aws/amazon-s3-encryption-client-go...
CVE-2025-14764
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...