CVE-2025-11934

Low CVSS: 2.1

Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256, if the client supports ECDSA P256.

Vendor

Wolfssl

Product

Wolfssl

CWE

CWE-20

Yayın Tarihi

2025-11-21 23:15:44

Güncelleme

2025-12-03 18:47:17

Source Identifier

facts@wolfssl.com

KEV Date Added

Kategoriler

CWE-20 Wolfssl LOW Wolfssl 2025

Referanslar

https://github.com/wolfSSL/wolfssl https://github.com/wolfSSL/wolfssl/pull/9113 https://github.com/wolfSSL/wolfssl/pull/9113

Benzer Kayıtlar

Medium

CVE-2026-3849

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (E…

Low

CVE-2026-4395

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote at…

Low

CVE-2026-3229

An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when…

Low

CVE-2026-3230

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a c…

High

CVE-2026-3547

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds re…

High

CVE-2026-3549

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buf…