GHSA-5whh-4q9j-7v28: aws-kms-tls-auth vulnerable to memory overallocation

March 3, 2026

aws-kms-tls-auth is an optional utility for s2n-tls that enables customers to use AWS KMS keys as part of the PSK extension field in a TLS 1.3 handshake. An issue exists in this library that can lead to overallocation of memory potentially resulting in a denial of service.

References

github.com/advisories/GHSA-5whh-4q9j-7v28
github.com/aws/s2n-tls
github.com/aws/s2n-tls/security/advisories/GHSA-5whh-4q9j-7v28

Code Behaviors & Features

Detect and mitigate GHSA-5whh-4q9j-7v28 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →