CVE-2026-32283 (UNKNOWN): detected in Lambda Docker Images. #460

@the-lambda-watchdog

CVE Details

| CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
|---|---|---|---|---|---|---|
| CVE-2026-32283 | UNKNOWN | stdlib | v1.26.1 | 1.25.9, 1.26.2 | 2026-04-08T02:16:03.58Z | 2026-04-08T10:18:23.726982538Z |

Affected Docker Images

Image Name SHA
public.ecr.aws/lambda/provided:latest public.ecr.aws/lambda/provided@sha256:7b709bca19b811432d7bb75cc96fb9ebbbe416183a67defbd46d423220c83b3c
public.ecr.aws/lambda/provided:al2023 public.ecr.aws/lambda/provided@sha256:7b709bca19b811432d7bb75cc96fb9ebbbe416183a67defbd46d423220c83b3c
public.ecr.aws/lambda/provided:al2 public.ecr.aws/lambda/provided@sha256:5e6b56637a7abad385662cd5affe8ec926a90eaefbdeae760e473bdfaeedc002
public.ecr.aws/lambda/python:latest public.ecr.aws/lambda/python@sha256:b8a94e60893a2049bb3c7c66a743c69226417f86fc87d2b470d2ca6abc22376c
public.ecr.aws/lambda/python:3.14 public.ecr.aws/lambda/python@sha256:3550baf11e94cb808d86f322e7b262f7cb9c218fd45ab1eb104c023dec358338
public.ecr.aws/lambda/python:3.13 public.ecr.aws/lambda/python@sha256:b8a94e60893a2049bb3c7c66a743c69226417f86fc87d2b470d2ca6abc22376c
public.ecr.aws/lambda/python:3.12 public.ecr.aws/lambda/python@sha256:e6f5e8e6607c461c49488f2e02204960e64054034dca27653bb998c78a194597
public.ecr.aws/lambda/python:3.11 public.ecr.aws/lambda/python@sha256:0e35f30be7b0781161a74fb8388a89e8db5ac8139b9fe6690f98dc8198f66aa6
public.ecr.aws/lambda/python:3.10 public.ecr.aws/lambda/python@sha256:f96eafce8c54e12eb61f079526b278f107fc597fb071d273dfba9e8c7480f924
public.ecr.aws/lambda/nodejs:latest public.ecr.aws/lambda/nodejs@sha256:1df173d3aafb069227b50bd0bfb3c3707af66ae4fb64fb8a8db5ea0fbd4aa90f
public.ecr.aws/lambda/nodejs:24 public.ecr.aws/lambda/nodejs@sha256:3fcf44c04e7e8e7deccbd689dec39b6693b7b8ebe0acb7c1e03c873ededb3f0f
public.ecr.aws/lambda/nodejs:22 public.ecr.aws/lambda/nodejs@sha256:1df173d3aafb069227b50bd0bfb3c3707af66ae4fb64fb8a8db5ea0fbd4aa90f
public.ecr.aws/lambda/nodejs:20 public.ecr.aws/lambda/nodejs@sha256:5e4f85e10adbad9a6ba7f1937db5be58abccdf0b994b4d9c31ced7a378defccb
public.ecr.aws/lambda/java:latest public.ecr.aws/lambda/java@sha256:d8b2fcad48eb21ad7f157d92fdd99e614afdc8463da3c46fe25a91c72740dacf
public.ecr.aws/lambda/java:25 public.ecr.aws/lambda/java@sha256:7f190d5846724100486dbfd63e8a0588309d8351f2cce9c7d113f0bd902b919a
public.ecr.aws/lambda/java:21 public.ecr.aws/lambda/java@sha256:d8b2fcad48eb21ad7f157d92fdd99e614afdc8463da3c46fe25a91c72740dacf
public.ecr.aws/lambda/java:17 public.ecr.aws/lambda/java@sha256:d4c578801fd44cfc7efbb470b7bae18ef4d075b5e92c62d6b05871f1dcf9fdf1
public.ecr.aws/lambda/java:11 public.ecr.aws/lambda/java@sha256:49bb585aebdbe227ec82c7bca06719a2f47da57456ca38b6d190532adafc0648
public.ecr.aws/lambda/java:8.al2 public.ecr.aws/lambda/java@sha256:c0638e38733cf99f39231990dde3b110397f533697c654a7675a01adf4ed1898
public.ecr.aws/lambda/dotnet:latest public.ecr.aws/lambda/dotnet@sha256:9f93cda1784ec3d6b1618120dd5c2ca77ee9b1b5be27177e06f2550fcf05fffa
public.ecr.aws/lambda/dotnet:10 public.ecr.aws/lambda/dotnet@sha256:e2a12d4f4877a8ca5a6bcbb5df6ed3d4450ea2f008dc0d9e553a52eaa8243c27
public.ecr.aws/lambda/dotnet:9 public.ecr.aws/lambda/dotnet@sha256:52614427637b27d93a6ae068423276e80e474f168568c7c310ba5ffd06f86112
public.ecr.aws/lambda/dotnet:8 public.ecr.aws/lambda/dotnet@sha256:9f93cda1784ec3d6b1618120dd5c2ca77ee9b1b5be27177e06f2550fcf05fffa
public.ecr.aws/lambda/ruby:latest public.ecr.aws/lambda/ruby@sha256:cb999c9299c61aeb16b83b86bd96435f31493ee6450edb528b6a7e9a223b8c7f
public.ecr.aws/lambda/ruby:3.4 public.ecr.aws/lambda/ruby@sha256:cb999c9299c61aeb16b83b86bd96435f31493ee6450edb528b6a7e9a223b8c7f
public.ecr.aws/lambda/ruby:3.3 public.ecr.aws/lambda/ruby@sha256:5542fe6d540df1acf803cc022132fb52184cf5de9cc32a26e115a2ba9880712c

Description

If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.


Remediation Steps

  • Update the affected package stdlib from version v1.26.1 to 1.25.9, 1.26.2.

About this issue

  • This issue may not contain all the information about the CVE or the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.
