CVE-2026-22796 (HIGH): detected in Lambda Docker Images. #423
Description
CVE Details
| CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
|---|---|---|---|---|---|---|
| CVE-2026-22796 | HIGH |
openssl-fips-provider-latest |
1:3.2.2-1.amzn2023.0.4 |
1:3.2.2-1.amzn2023.0.5 |
2026-01-27T16:16:35.543Z |
2026-02-19T10:18:17.288161843Z |
Affected Docker Images
| Image Name | SHA |
|---|---|
public.ecr.aws/lambda/provided:latest |
public.ecr.aws/lambda/provided@sha256:059ed067a8e796d891100888928e32cde75d63d459617260a7901e217a7249d6 |
public.ecr.aws/lambda/provided:al2023 |
public.ecr.aws/lambda/provided@sha256:059ed067a8e796d891100888928e32cde75d63d459617260a7901e217a7249d6 |
public.ecr.aws/lambda/python:latest |
public.ecr.aws/lambda/python@sha256:f1025b56c40ecc2a1b6becc0ae87cadbc31bee42e72dc211170cb2f5a738b1be |
public.ecr.aws/lambda/python:3.14 |
public.ecr.aws/lambda/python@sha256:4a260ea82736166accb2cb9fa1b3a180ca1e26cf5f9714e1e382d290ddb4e409 |
public.ecr.aws/lambda/python:3.13 |
public.ecr.aws/lambda/python@sha256:f1025b56c40ecc2a1b6becc0ae87cadbc31bee42e72dc211170cb2f5a738b1be |
public.ecr.aws/lambda/python:3.12 |
public.ecr.aws/lambda/python@sha256:663ac51bfafe5fb4aa9084936611740c97bf9ded30ba815e971fe72971b34d67 |
public.ecr.aws/lambda/nodejs:latest |
public.ecr.aws/lambda/nodejs@sha256:75324e6335efc458856ddcb49429a5806fa66c581529746296ded84f0f8fdd92 |
public.ecr.aws/lambda/nodejs:24 |
public.ecr.aws/lambda/nodejs@sha256:2ae0aecfac970190fe1fa2f9de439fb35340d285eb29a715ce6daf18eda7f54c |
public.ecr.aws/lambda/nodejs:22 |
public.ecr.aws/lambda/nodejs@sha256:75324e6335efc458856ddcb49429a5806fa66c581529746296ded84f0f8fdd92 |
public.ecr.aws/lambda/nodejs:20 |
public.ecr.aws/lambda/nodejs@sha256:b1d950b97aaedc054c6c9c5409c98cf5c8f29de370a6f344113e1aeeaa441707 |
public.ecr.aws/lambda/java:latest |
public.ecr.aws/lambda/java@sha256:34bc510d30a691091930c6636702697ed3911c3c2bf19c8d4ebae91bb1442204 |
public.ecr.aws/lambda/java:25 |
public.ecr.aws/lambda/java@sha256:981df5d83afb63cff2fe55bb85f3102e16df1b1134982c16cc5c92a1e20073ac |
public.ecr.aws/lambda/java:21 |
public.ecr.aws/lambda/java@sha256:34bc510d30a691091930c6636702697ed3911c3c2bf19c8d4ebae91bb1442204 |
public.ecr.aws/lambda/dotnet:latest |
public.ecr.aws/lambda/dotnet@sha256:f7ad6fd594bc06108c7fd6fa5a438f8ceb3e3da37aafec7aa4b7cf976969c376 |
public.ecr.aws/lambda/dotnet:10 |
public.ecr.aws/lambda/dotnet@sha256:c1a97e4b055ad61ffb87222bd0f04337a63929efa3bec7dbde4844de94d79856 |
public.ecr.aws/lambda/dotnet:9 |
public.ecr.aws/lambda/dotnet@sha256:e0c459f568c3b8c0a601a3141de9a8e4bebd9019210e0ff94381686e7ab0621e |
public.ecr.aws/lambda/dotnet:8 |
public.ecr.aws/lambda/dotnet@sha256:f7ad6fd594bc06108c7fd6fa5a438f8ceb3e3da37aafec7aa4b7cf976969c376 |
public.ecr.aws/lambda/ruby:latest |
public.ecr.aws/lambda/ruby@sha256:215348bc5ef325f108229155601a31d5b6b230995eea50531d85094b63b27f2e |
public.ecr.aws/lambda/ruby:3.4 |
public.ecr.aws/lambda/ruby@sha256:215348bc5ef325f108229155601a31d5b6b230995eea50531d85094b63b27f2e |
public.ecr.aws/lambda/ruby:3.3 |
public.ecr.aws/lambda/ruby@sha256:06a25df7835e1450dc54d81401c063762a885ed8c7e9cfd339dc35286b1b17ef |
Description
Issue summary: A type confusion vulnerability exists in the signature
verification of signed PKCS#7 data where an ASN1_TYPE union member is
accessed without first validating the type, causing an invalid or NULL
pointer dereference when processing malformed PKCS#7 data.
Impact summary: An application performing signature verification of PKCS#7
data or calling directly the PKCS7_digest_from_attributes() function can be
caused to dereference an invalid or NULL pointer when reading, resulting in
a Denial of Service.
The function PKCS7_digest_from_attributes() accesses the message digest attribute
value without validating its type. When the type is not V_ASN1_OCTET_STRING,
this results in accessing invalid memory through the ASN1_TYPE union, causing
a crash.
Exploiting this vulnerability requires an attacker to provide a malformed
signed PKCS#7 to an application that verifies it. The impact of the
exploit is just a Denial of Service, the PKCS7 API is legacy and applications
should be using the CMS API instead. For these reasons the issue was
assessed as Low severity.
The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module
boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.
Remediation Steps
- Update the affected package
openssl-fips-provider-latestfrom version1:3.2.2-1.amzn2023.0.4to1:3.2.2-1.amzn2023.0.5.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.