{"id":"RUSTSEC-2026-0042","summary":"CRL Distribution Point Scope Check Logic Error in AWS-LC","details":"A logic error in CRL distribution point matching in AWS-LC allows a revoked\ncertificate to bypass revocation checks during certificate validation, when\nthe application enables CRL checking and uses partitioned CRLs with Issuing\nDistribution Point (IDP) extensions.\n\nCustomers of AWS services do not need to take action. `aws-lc-fips-sys`\ncontains code from AWS-LC. Applications using `aws-lc-fips-sys` should\nupgrade to the most recent release of `aws-lc-fips-sys`.\n\n## Workarounds\n\nApplications can workaround this issue if they do not enable CRL checking\n(`X509_V_FLAG_CRL_CHECK`). Applications using complete (non-partitioned)\nCRLs without IDP extensions are also not affected.\n\nOtherwise, there is no workaround and applications using `aws-lc-fips-sys`\nshould upgrade to the most recent releases of `aws-lc-fips-sys`.","aliases":["CVE-2026-4428","GHSA-9f94-5g5w-gf6r","RUSTSEC-2026-0048"],"modified":"2026-03-20T17:26:22.199786Z","published":"2026-03-19T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/aws-lc-fips-sys"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2026-0042.html"},{"type":"WEB","url":"https://aws.amazon.com/security/security-bulletins/2026-010-AWS"},{"type":"ADVISORY","url":"https://github.com/aws/aws-lc-rs/security/advisories/GHSA-9f94-5g5w-gf6r"}],"affected":[{"package":{"name":"aws-lc-fips-sys","ecosystem":"crates.io","purl":"pkg:cargo/aws-lc-fips-sys"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.13.0"},{"fixed":"0.13.13"}]}],"ecosystem_specific":{"affects":{"arch":[],"functions":[],"os":[]},"affected_functions":null},"database_specific":{"cvss":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0042.json","categories":["crypto-failure"]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}