漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
Vulnerability Description
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
证书验证不恰当
Vulnerability Title
AWS libcrypto 安全漏洞
Vulnerability Description
AWS libcrypto是Amazon Web Services开源的一个通用加密库。 AWS libcrypto 1.69.0之前版本存在安全漏洞,该漏洞源于PKCS7_verify函数证书验证不当,在处理具有多个签名者的PKCS7对象时可能绕过证书链验证。
CVSS Information
N/A
Vulnerability Type
N/A