PKCS7_verify Signature Validation Bypass in AWS-LC
Improper signature validation in PKCS7_verify() in AWS-LC allows an
unauthenticated user to bypass signature verification when processing PKCS7
objects with Authenticated Attributes.
Customers of AWS services do not need to take action. aws-lc-sys contains
code from AWS-LC. Applications using aws-lc-sys should upgrade to the most
recent release of aws-lc-sys.
There is no workaround; applications using aws-lc-sys should upgrade to the
most recent release of aws-lc-sys.
See advisory page for additional details.
aws-lc-sys0.34.0>=0.38.0<0.24.0Improper signature validation in
PKCS7_verify()in AWS-LC allows anunauthenticated user to bypass signature verification when processing PKCS7
objects with Authenticated Attributes.
Customers of AWS services do not need to take action.
aws-lc-syscontainscode from AWS-LC. Applications using
aws-lc-sysshould upgrade to the mostrecent release of
aws-lc-sys.There is no workaround; applications using
aws-lc-sysshould upgrade to themost recent release of
aws-lc-sys.See advisory page for additional details.