Security: 7 vulnerabilities found #119

@github-actions

Security Audit Report

Date: 2026-03-22T04:20:55.835Z
Vulnerabilities: 7

RUSTSEC-2026-0048: CRL Distribution Point Scope Check Logic Error in AWS-LC

Package: aws-lc-sys@0.37.1
Severity: Unknown
URL: https://aws.amazon.com/security/security-bulletins/2026-010-AWS

A logic error in CRL distribution point matching in AWS-LC allows a revoked
certificate to bypass revocation checks during certificate validation, when
the application enables CRL checking and uses partitioned CRLs with Issuing
Distribution Point (IDP) extensions.

Customers of AWS services do not need to take action. aws-lc-sys contains
code from AWS-LC. Applications using aws-lc-sys should upgrade to the most
recent release of aws-lc-sys.

Workarounds

Applications can work around this issue if they do not enable CRL checking
(X509_V_FLAG_CRL_CHECK). Applications using complete (non-partitioned)
CRLs without IDP extensions are also not affected.

Otherwise, there is no workaround and applications using aws-lc-sys should
upgrade to the most recent releases of aws-lc-sys.

Patched Versions: >=0.39.0


RUSTSEC-2026-0046: PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Package: aws-lc-sys@0.37.1
Severity: Unknown
URL: https://aws.amazon.com/security/security-bulletins/2026-005-AWS

Improper certificate validation in PKCS7_verify() in AWS-LC allows an
unauthenticated user to bypass certificate chain verification when processing
PKCS7 objects with multiple signers, except the final signer.

Customers of AWS services do not need to take action. aws-lc-sys contains
code from AWS-LC. Applications using aws-lc-sys should upgrade to the most
recent release of aws-lc-sys.

There is no workaround; applications using aws-lc-sys should upgrade to the
most recent release of aws-lc-sys.

Patched Versions: >=0.38.0


RUSTSEC-2026-0047: PKCS7_verify Signature Validation Bypass in AWS-LC

Package: aws-lc-sys@0.37.1
Severity: Unknown
URL: https://aws.amazon.com/security/security-bulletins/2026-005-AWS

Improper signature validation in PKCS7_verify() in AWS-LC allows an
unauthenticated user to bypass signature verification when processing PKCS7
objects with Authenticated Attributes.

Customers of AWS services do not need to take action. aws-lc-sys contains
code from AWS-LC. Applications using aws-lc-sys should upgrade to the most
recent release of aws-lc-sys.

There is no workaround; applications using aws-lc-sys should upgrade to the
most recent release of aws-lc-sys.

Patched Versions: >=0.38.0


RUSTSEC-2026-0044: AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN

Package: aws-lc-sys@0.37.1
Severity: Unknown
URL: null

A logic error in CN (Common Name) validation allows certificates with
wildcard or raw UTF-8 Unicode CN values to bypass name constraints
enforcement. The cn2dnsid function does not recognize these CN patterns
as valid DNS identifiers, causing NAME_CONSTRAINTS_check_CN to skip
validation. However, X509_check_host accepts these CN values when no
dNSName SAN is present, allowing certificates to bypass name constraints
while still being used for hostname verification.

Customers of AWS services do not need to take action. Applications using
aws-lc-sys should upgrade to the most recent release of aws-lc-sys.

Workarounds

Applications that set X509_CHECK_FLAG_NEVER_CHECK_SUBJECT to disable CN
fallback are not affected. Applications that only encounter certificates
with dNSName SANs (standard for public WebPKI) are also not affected.

Otherwise, there is no workaround and applications using aws-lc-sys should
upgrade to the most recent releases of aws-lc-sys.

Patched Versions: >=0.39.0


RUSTSEC-2026-0045: Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Package: aws-lc-sys@0.37.1
Severity: Unknown
URL: https://aws.amazon.com/security/security-bulletins/2026-005-AWS

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an
unauthenticated user to potentially determine authentication tag validity
via timing analysis.

The impacted implementations are through the EVP CIPHER API:
EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm.

Customers of AWS services do not need to take action. aws-lc-sys contains
code from AWS-LC. Applications using aws-lc-sys should upgrade to the most
recent release of aws-lc-sys.

Workarounds

In the special cases of using AES-CCM with (M=4, L=2), (M=8, L=2), or
(M=16, L=2), applications can work around this issue by using AES-CCM through
the EVP AEAD API using the implementations EVP_aead_aes_128_ccm_bluetooth,
EVP_aead_aes_128_ccm_bluetooth_8, and EVP_aead_aes_128_ccm_matter
respectively.

Otherwise, there is no workaround and applications using aws-lc-sys should
upgrade to the most recent release.

Patched Versions: >=0.38.0


RUSTSEC-2023-0071: Marvin Attack: potential key recovery through timing side channels

Package: rsa@0.9.10
Severity: Unknown
URL: RustCrypto/RSA#19 (comment)

Impact

Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.

Patches

No patch is yet available, however work is underway to migrate to a fully constant-time implementation.

Workarounds

The only currently available workaround is to avoid using the rsa crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine.

References

This vulnerability was discovered as part of the "Marvin Attack", which revealed that several implementations of RSA, including OpenSSL, had not properly mitigated timing side-channel attacks.

Patched Versions: None


RUSTSEC-2026-0049: CRLs not considered authoritative by Distribution Point due to faulty matching logic

Package: rustls-webpki@0.103.9
Severity: Unknown
URL: null

If a certificate had more than one distributionPoint, then only the first distributionPoint would be considered against each CRL's IssuingDistributionPoint distributionPoint, and then the certificate's subsequent distributionPoints would be ignored.

The impact was that correct provided CRLs would not be consulted to check revocation. With UnknownStatusPolicy::Deny (the default) this would lead to incorrect but safe Error::UnknownRevocationStatus. With UnknownStatusPolicy::Allow this would lead to inappropriate acceptance of revoked certificates.

This vulnerability is thought to be of limited impact. This is because both the certificate and CRL are signed -- an attacker would need to compromise a trusted issuing authority to trigger this bug. An attacker with such capabilities could likely bypass revocation checking through other more impactful means (such as publishing a valid, empty CRL.)

More likely, this bug would be latent in normal use, and an attacker could leverage faulty revocation checking to continue using a revoked credential.

This vulnerability is identified by GHSA-pwjx-qhcg-rvj4. Thank you to @1seal for the report.

Patched Versions: >=0.103.10


This issue was automatically created by the security audit workflow.
