CVE-2025-11931 — Integer Underflow (Wrap or Wraparound) in Wolfssl

CWE-191 — Integer Underflow (Wrap or Wraparound)5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 94.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wolfssl Debian Wolfssl Msrc Azl3 Mariadb 10.11.11-1 ON Azure Linux 3.0 +1 more

Timeline

PublishedNov 21

Latest updateNov 22

Description

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Packages6 packages

▶debiandebian/wolfssl< wolfssl 5.8.4-1 (forky)

▶CVEListV5wolfssl/wolfssl< 5.8.4

▶Debianwolfssl/wolfssl< 5.8.4-1

▶NVDwolfssl/wolfssl5.8.4

▶msrcmsrc/cbl2_mariadb_10.6.21-1_on_cbl_mariner_2.0

Patches

Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-h957-386q-gm5j: Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt↗2025-11-22

▶

OSV

CVE-2025-11931: Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt↗2025-11-21

▶

📋Vendor Advisories

Microsoft

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt↗2025-11-11

▶

Debian

CVE-2025-11931: wolfssl - Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. T...↗2025

▶