漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
TLS hostname validation issues within AWS IoT Device SDKs on macOS
Vulnerability Description
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.4.2 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on macOS. Amazon Web Services AWS-C-IO 0.10.4 on macOS.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Amazon AWS IoT Device SDK 信任管理问题漏洞
Vulnerability Description
Amazon AWS IoT Device SDK是美国亚马逊(Amazon)公司的 MIT 开源许可下的 C 源文件集合,可用于嵌入式应用程序以将 IoT 设备安全地连接到 AWS IoT Core。它包括一个 MQTT、JSON 解析器和 AWS IoT Device Shadow 库。它以源代码形式分发,旨在与应用程序代码、其他库以及可选的 RTOS(实时操作系统)一起构建到客户固件中。 Amazon AWS IoT Device SDK v2存在安全漏洞,该漏洞源于在TLS握手期间没有验证服务器证
CVSS Information
N/A
Vulnerability Type
N/A