CVE-2024-13176

[keenhon]

Describe the bug

AWS Inspector scanned and found CVE-2024-13176

AWS CLI v2.28.22

Affected DLLs.
libssl-1_1.dll
libcrypto-1_1.dll

Regression Issue

• Select this option if this issue appears to be a regression.

Expected Behavior

No vulnerability

Current Behavior

Detected vulnerability by AWS Inspector.

Reproduction Steps

See the files or scan with AWS Inspector.

Possible Solution

Update to use newer dlls.

Additional Information/Context

No response

CLI version used

2.28.22

Environment details (OS name and version, etc.)

Windows Server Datacenter 2022

[adev-code]

Hello @keenhon, thanks for reaching out. This has been addressed in the latest AWS CLI for Windows and macOS, which uses OpenSSL 3.0.16 bundled with Python 3.13.3. The current latest version should not be affected by CVE-2024-13176.

[github-actions]

Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.