aws-lc-sys
crates.io2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting aws-lc-syspage 1 of 1
- CVE-2026-3336HIGHCVSS 7.5EG 7.5✓ Fixed in 0.38.02026-03-02
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do…
- CVE-2026-3338HIGHCVSS 7.5EG 7.5✓ Fixed in 0.38.02026-03-02
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action.…
Check whether aws-lc-sys is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for aws-lc-sys CVEs against the assets you own.
Start Free Scan →