CVE-2024-23680

Published Jan 19, 2024

Last updated 23 days ago

Overview

Description
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.
Source
disclosure@vulncheck.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
5.3
Impact score
1.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity
MEDIUM

Weaknesses

disclosure@vulncheck.com
CWE-347
nvd@nist.gov
CWE-347

Social media

Hype score
Not currently trending

Configurations