Aws Aws-Lc-Fips vulnerabilities

CVE-2026-4428 [CRITICAL] CWE-299 CVE-2026-4428: A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs t A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.

CVE-2026-3337 [HIGH] CWE-208 CVE-2026-3337: Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to pote Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. Customers of AWS services do not need to take action. Applications u