CVE-2026-4428— CRL Distribution Point Scope Check Logic Error in AWS-LC

CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

证书撤销验证不恰当

AWS libcrypto 安全漏洞

AWS libcrypto是Amazon Web Services开源的一个通用加密库。 AWS libcrypto 1.71.0之前版本存在安全漏洞，该漏洞源于CRL分发点验证中的逻辑错误导致分区的CRL被错误地拒绝为超出范围，从而允许已吊销的证书绕过证书吊销检查。

N/A

N/A