CVE-2025-11933 — Improper Input Validation in Wolfssl

CWE-20 — Improper Input Validation5 documents5 sources

Severity

2.3LOWNVD

EPSS

0.0%

top 87.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wofssl Wolfssl Wolfssl Debian Wolfssl +2 more

Timeline

PublishedNov 21

Latest updateNov 22

Description

Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

Affected Packages6 packages

▶CVEListV5wofssl/wolfssl3.12.0 — 5.8.4

▶debiandebian/wolfssl< wolfssl 5.8.4-1 (forky)

▶NVDwolfssl/wolfssl5.8.2 — 5.8.4

▶Debianwolfssl/wolfssl< 5.8.4-1

▶msrcmsrc/cbl2_mariadb_10.6.21-1_on_cbl_mariner_2.0

Patches

Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-g9wx-2hxf-f2rj: Improper Input Validation in the TLS 1↗2025-11-22

▶

OSV

CVE-2025-11933: Improper Input Validation in the TLS 1↗2025-11-21

▶

📋Vendor Advisories

Microsoft

DoS Vulnerability in wolfSSL TLS 1.3 CKS Extension↗2025-11-11

▶

Debian

CVE-2025-11933: wolfssl - Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 ...↗2025

▶