2 matches found
CVE-2020-8897
CVE-2020-8897 : A weak robustness vulnerability affects the AWS Encryption SDKs for Java, Python, C and Javalcript prior to 2.0.0. The non-committing property of AES-GCM (and related AEAD ciphers) can let an attacker craft a unique ciphertext that decrypts to multiple different results, which is ...
CVE-2024-23680
CVE-2024-23680 affects the AWS Encryption SDK for Java (versions 2.0.0–2.2.0 and older than 1.9.0). The issue is that the library incorrectly validates certain invalid ECDSA signatures, with Red Hat/CVE and OSV entries corroborating the vulnerable range and nature. The practical impact stated acr...