CNNVD-202512-3242 Information
CNNVD ID
CNNVD-202512-3242
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
Amazon S3 Encryption Client for .NET是Amazon Web Services开源的一个客户端加密库。 Amazon S3 Encryption Client for .NET存在安全漏洞,该漏洞源于缺少加密密钥承诺,可能导致具有S3存储桶写入权限的用户引入新的EDK,解密出不同的明文。
Description (English)
Amazon S3 Enrichption Clinic for.NET is a client encryption library for Amazon Web Services open source. Amazon S3 Enrichption Clinic for.NET has a security loophole, which stems from the lack of encryption key commitments and may lead to new EDKs being declassified by users with S3 drums with write permission.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Amazon Web Services
Published
2025-12-17
Last Modified
2026-02-24
References
https://aws.amazon.com/security/security-bulletins/AWS-2025-032/ https://github.com/aws/amazon-s3-encryption-client-dotnet/releases/tag/release_2025-12-17 https://github.com/aws/amazon-s3-encryption-client-dotnet/security/advisories/GHSA-4v42-65r3-3gjx https://access.redhat.com/security/cve/cve-2025-14759
Patch
https://github.com/aws/amazon-s3-encryption-client-dotnet/releases
Share on: