AWS-LC PKCS7 Certificate Chain Validation Bypass Vulnerability

Vulnerability

A vulnerability in AWS-LC's PKCS7_verify() function allows an unauthenticated attacker to bypass certificate chain verification. The issue arises when a PKCS7 object carries multiple signers: chain verification is not applied to every signer, only to the final one, so the certificate chains of the other signers go unverified. The vulnerability is present in AWS-LC versions from 1.41.0 up to but not including 1.69.0, and in aws-lc-sys versions from 0.24.0 up to but not including 0.38.0.

Impact

Exploitation of this vulnerability allows a signature whose certificate chain was never validated to be accepted as valid, so unauthorized entities can be treated as legitimate signers in cryptographic operations. Applications that rely on PKCS7_verify() to authenticate PKCS7 data with more than one signer are the ones exposed.

Remediation

Users of AWS-LC should upgrade to version 1.69.0 or later. Users of aws-lc-sys should upgrade to version 0.38.0 or later. Because aws-lc-sys is the Rust FFI binding crate that bundles AWS-LC and is usually pulled in transitively (for example through aws-lc-rs or a rustls crypto provider), check the resolved version in Cargo.lock rather than only direct dependencies.
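As an added example (not code from the advisory, from AWS-LC, or from the aws-lc-sys crate), the following Rust audit helper encodes the two affected version ranges stated above and scans a Cargo.lock for aws-lc-sys entries, flagging each resolved version as affected or not. The Cargo.lock text is constructed for the example; the function and type names are this example's own.

```rust
// Added example: flag AWS-LC / aws-lc-sys versions inside the affected ranges
// given in the advisory, and scan a Cargo.lock for resolved aws-lc-sys versions.
// Standard library only; no external crates.

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
struct Version(u64, u64, u64);

// Affected ranges from the advisory, as half-open intervals [first, fixed).
const AWSLC_AFFECTED: (Version, Version) = (Version(1, 41, 0), Version(1, 69, 0));
const SYS_AFFECTED: (Version, Version) = (Version(0, 24, 0), Version(0, 38, 0));

// Accepts "1.69.0", "v1.69.0" or "AWS-LC 1.69.0"; drops any -pre/+build suffix.
// Returns None when the string is not a three-part numeric version.
fn parse_version(s: &str) -> Option<Version> {
    let token = s.trim().rsplit(' ').next()?.trim_start_matches('v');
    let core = token.split(|c| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>());
    let major = parts.next()?.ok()?;
    let minor = parts.next()?.ok()?;
    let patch = parts.next()?.ok()?;
    if parts.next().is_some() {
        return None;
    }
    Some(Version(major, minor, patch))
}

fn in_range(v: Version, range: (Version, Version)) -> bool {
    v >= range.0 && v < range.1
}

// Some(true) = affected, Some(false) = outside the range, None = unparsable.
pub fn awslc_is_affected(version: &str) -> Option<bool> {
    parse_version(version).map(|v| in_range(v, AWSLC_AFFECTED))
}

pub fn aws_lc_sys_is_affected(version: &str) -> Option<bool> {
    parse_version(version).map(|v| in_range(v, SYS_AFFECTED))
}

// Minimal Cargo.lock reader: each [[package]] block lists `name = "..."`
// followed by `version = "..."`. Returns (version, affected) for every
// aws-lc-sys entry; a lock file may resolve the crate more than once.
pub fn scan_cargo_lock(lock: &str) -> Vec<(String, bool)> {
    let mut findings = Vec::new();
    let mut current_name: Option<String> = None;
    for raw in lock.lines() {
        let line = raw.trim();
        if line == "[[package]]" {
            current_name = None;
        } else if let Some(rest) = line.strip_prefix("name = ") {
            current_name = Some(rest.trim_matches('"').to_string());
        } else if let Some(rest) = line.strip_prefix("version = ") {
            if current_name.as_deref() == Some("aws-lc-sys") {
                let ver = rest.trim_matches('"');
                // An unparsable version is flagged so a human reviews it.
                let affected = aws_lc_sys_is_affected(ver).unwrap_or(true);
                findings.push((ver.to_string(), affected));
            }
        }
    }
    findings
}

// Constructed sample lock file (not from any real project): one affected and
// one fixed aws-lc-sys resolution, plus an unrelated crate that must be ignored.
pub const SAMPLE_CARGO_LOCK: &str = r#"
[[package]]
name = "aws-lc-rs"
version = "1.12.0"

[[package]]
name = "aws-lc-sys"
version = "0.30.0"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "aws-lc-sys"
version = "0.38.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;

fn main() {
    for (ver, affected) in scan_cargo_lock(SAMPLE_CARGO_LOCK) {
        let verdict = if affected { "AFFECTED, upgrade to >= 0.38.0" } else { "ok" };
        println!("aws-lc-sys {}: {}", ver, verdict);
    }
    println!("AWS-LC 1.50.0 affected: {:?}", awslc_is_affected("AWS-LC 1.50.0"));
}
```

Run it against a real Cargo.lock by replacing the constructed sample with the file's contents; any entry reported as affected means the fixed crate has not actually been resolved, even if Cargo.toml already names a newer version.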

Added: Mar 2, 2026, 10:26 PM
Updated: Mar 2, 2026, 11:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.0
remediation: 0.0
relevance: 3.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.