Amazon Aws Encryption Sdk
By the Year
In 2024 there have been 1 vulnerability in Amazon Aws Encryption Sdk with an average score of 5.3 out of ten. Aws Encryption Sdk did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2024 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 5.30 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 8.10 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Aws Encryption Sdk vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Amazon Aws Encryption Sdk Security Vulnerabilities
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.
CVE-2024-23680
5.3 - Medium
- January 19, 2024
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.
Improper Verification of Cryptographic Signature
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0
CVE-2020-8897
8.1 - High
- November 16, 2020
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later.
Use of a Broken or Risky Cryptographic Algorithm
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Amazon Aws Encryption Sdk or by Amazon? Click the Watch button to subscribe.
