Home

Description

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing.

PUBLISHED Reserved 2025-10-17 | Published 2025-11-21 | Updated 2025-11-24 | Assigner wolfSSL




MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

v5.8.2
affected

Credits

Jaehun Lee, Pohang University of Science and Technology (POSTECH) finder

Kyungmin Bae, Pohang University of Science and Technology (POSTECH) coordinator

References

github.com/wolfSSL/wolfssl/pull/9117 exploit

github.com/wolfSSL/wolfssl

github.com/wolfSSL/wolfssl/pull/9117

cve.org (CVE-2025-11936)

nvd.nist.gov (CVE-2025-11936)

Download JSON