Skip to main content

Aws Lc Fips Sys

1 CVEs product

Monthly

CVE-2026-3337 Cargo MEDIUM PATCH This Month

Timing side-channel attacks in AWS-LC's AES-CCM decryption implementation allow unauthenticated attackers to infer authentication tag validity through precise timing measurements. The vulnerability affects AWS-LC and related cryptographic libraries across multiple AES-CCM variants (128, 192, and 256-bit), potentially enabling attackers to forge authenticated messages. AWS service customers are unaffected, but applications using AWS-LC directly should upgrade to version 1.69.0 or later.

AWS Aws Libcrypto Aws Lc Fips Sys Aws Lc Sys Red Hat +2
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Timing side-channel attacks in AWS-LC's AES-CCM decryption implementation allow unauthenticated attackers to infer authentication tag validity through precise timing measurements. The vulnerability affects AWS-LC and related cryptographic libraries across multiple AES-CCM variants (128, 192, and 256-bit), potentially enabling attackers to forge authenticated messages. AWS service customers are unaffected, but applications using AWS-LC directly should upgrade to version 1.69.0 or later.

AWS Aws Libcrypto Aws Lc Fips Sys +4
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy