Nixpkgs security tracker

Untriaged

Permalink CVE-2026-4428

7.4 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 1 month ago Activity log

Created suggestion 1 month ago

CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.

References

https://aws.amazon.com/security/security-bulletins/2026-010-AWS/ vendor-advisory
https://github.com/aws/aws-lc/releases/tag/v1.71.0 patch

Affected products

AWS-LC

<1.71.0

AWS-LC-FIPS

<3.3.0

Matching in nixpkgs

pkgs.aws-lc

General-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers

nixos-unstable 1.69.0
- nixpkgs-unstable 1.69.0
- nixos-unstable-small 1.69.0
nixos-25.11 1.65.0
- nixos-25.11-small 1.65.0
- nixpkgs-25.11-darwin 1.65.0

Package maintainers

@theoparis Theo Paris <theo@tinted.dev>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.aws-lc

Package maintainers