CNNVD-202512-3215 Information
CNNVD ID
CNNVD-202512-3215
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
Amazon S3 Encryption Client是Amazon Web Services开源的一个客户端加密库。 Amazon S3 Encryption Client存在安全漏洞,该漏洞源于缺少加密密钥承诺,可能导致具有S3存储桶写入权限的用户引入新的EDK,解密出不同的明文。
Description (English)
Amazon S3 Encryption Clinic is a client encryption library for Amazon Web Services. Amazon S3 Encryption Clinic has a security loophole, which stems from a lack of encryption key commitments and may lead to the introduction of a new EDK for users with S3 canton write permission to decrypt different specifications.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Amazon Web Services
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/aws/amazon-s3-encryption-client-go/releases/tag/v4.0.0 https://aws.amazon.com/security/security-bulletins/AWS-2025-032/ https://github.com/aws/amazon-s3-encryption-client-go/security/advisories/GHSA-3g75-q268-r9r6 https://access.redhat.com/security/cve/cve-2025-14764
Patch
https://github.com/aws/amazon-s3-encryption-client-go/releases
Share on: