CVE-2025-11932Observable Discrepancy in Wolfssl

CWE-203Observable Discrepancy5 documents5 sources
Severity
2.3LOWNVD
EPSS
0.0%
top 97.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
WolfsslDebian WolfsslMsrc Azl3 Mariadb 10.11.11-1 ON Azure Linux 3.0+1 more
Timeline
PublishedNov 21
Latest updateNov 22

Description

The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Packages6 packages

debiandebian/wolfssl< wolfssl 5.8.4-1 (forky)
CVEListV5wolfssl/wolfssl< 5.8.4
Debianwolfssl/wolfssl< 5.8.4-1
NVDwolfssl/wolfssl5.8.2

Patches

Patch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-6qhq-g72j-7wvf: The server previously verified the TLS 12025-11-22
OSV
CVE-2025-11932: The server previously verified the TLS 12025-11-21

📋Vendor Advisories

2
Microsoft
Timing Side-Channel in PSK Binder Verification2025-11-11
Debian
CVE-2025-11932: wolfssl - The server previously verified the TLS 1.3 PSK binder using a non-constant time ...2025
CVE-2025-11932 — Observable Discrepancy in Wolfssl | cvebase