CVE-2025-11936
BaseFortify
Publication date: 2025-11-21
Last updated on: 2025-12-03
Assigner: wolfSSL Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | From 5.8.2 (inc) to 5.8.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL version 5.8.2. A remote unauthenticated attacker can send a specially crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group. This causes excessive CPU and memory consumption during the processing of the ClientHello message, leading to a denial-of-service condition.
How can this vulnerability impact me? :
The vulnerability can lead to a denial-of-service (DoS) attack, where an attacker remotely causes the affected system to consume excessive CPU and memory resources. This can degrade system performance or cause the system to become unresponsive, potentially disrupting services relying on wolfSSL TLS 1.3 implementations.