CVE-2024-23680

CVE-2024-23680: AWS Encryption SDK for Java Improper Verification of Cryptographic Signature

Weakness CWE-347
Published January 19, 2024
Last update November 29, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.

Key dates

Disclosure timeline

January 19, 2024 CVE published
November 29, 2025 Record updated