CVE-2025-11936

Medium CVSS: 6.3

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing.

Vendor

Wolfssl

Product

Wolfssl

CWE

CWE-20

Yayın Tarihi

2025-11-21 23:15:44

Güncelleme

2025-12-03 18:47:25

Source Identifier

facts@wolfssl.com

KEV Date Added

Kategoriler

CWE-20 Wolfssl MEDIUM Wolfssl 2025

Referanslar

https://github.com/wolfSSL/wolfssl https://github.com/wolfSSL/wolfssl/pull/9117 https://github.com/wolfSSL/wolfssl/pull/9117

Benzer Kayıtlar

Medium

CVE-2026-3849

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (E…

Low

CVE-2026-4395

Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import_x963_ex() in wolfSSL wolfcrypt allows a remote at…

Low

CVE-2026-3229

An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when…

Low

CVE-2026-3230

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a c…

High

CVE-2026-3547

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds re…

High

CVE-2026-3549

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buf…