GHSA-65p9-r9h6-22vj
MEDIUMAWS-LC has Timing Side-Channel in AES-CCM Tag Verification
EPSS Exploitation Probability
EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.
Blast Radius
aws-lc-sys🦀aws-lc-fips-sysReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects crates.io packages — download data is not available via public APIs for these ecosystems.
Description
Summary
AWS-LC is an open-source, general-purpose cryptographic library.
Impact
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis.
The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm.
Customers of AWS services do not need to take action. aws-lc-sys and aws-lc-fips-sys contain code from AWS-LC. Applications using aws-lc-sys or aws-lc-fips-sys should upgrade to the most recent releases of aws-lc-sys or aws-lc-fips-sys.
Impacted versions:
- aws-lc-sys versions: >= 0.14.0, < 0.38.0
- aws-lc-fips-sys versions: >= v0.13.0, < 0.13.12.
Patches
The patch is included in aws-lc-sys v.0.38.0 and aws-lc-fips-sys v0.13.12.
Workarounds
In the special cases of using AES-CCM with (M=4, L=2), (M=8, L=2), or (M=16, L=2), applications can workaround this issue by using AES-CCM through the EVP AEAD API using implementations EVP_aead_aes_128_ccm_bluetooth, EVP_aead_aes_128_ccm_bluetooth_8, and, EVP_aead_aes_128_ccm_matter respectively.
Otherwise, there is no workaround and applications using aws-lc-sys or aws-lc-fips-sys should upgrade to the most recent releases of aws-lc-sys or aws-lc-fips-sys.
Resources
If there are any questions or comments about this advisory, contact [AWS/Amazon] Security via thevulnerability reporting page or directly via email to [email protected]. Please do not create a public GitHub issue.
Acknowledgement
AWS-LC would like to thank Joshua Rogers (https://joshua.hu/) for collaborating on this issue through the coordinated vulnerability disclosure process.
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🦀crates.io | aws-lc-sys | ≥ 0.14.0&&< 0.38.0 | 0.38.0 |
| 🦀crates.io | aws-lc-fips-sys | ≥ 0.13.0&&< 0.13.12 | 0.13.12 |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for aws-lc-sys. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update aws-lc-sys to 0.38.0 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-65p9-r9h6-22vj is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-65p9-r9h6-22vj is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-65p9-r9h6-22vj. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-65p9-r9h6-22vj in your dependencies?
O3 detects GHSA-65p9-r9h6-22vj across crates.io dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.