Home

Description

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks.

PUBLISHED Reserved 2025-12-02 | Published 2025-12-11 | Updated 2025-12-11 | Assigner wolfSSL




LOW: 1.0CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-203 Observable Discrepancy

Product status

Default status
unaffected

Any version before 5.8.4
affected

Credits

Jing Liu finder

Zhiyuan Zhang finder

LUCÍA MARTÍNEZ GAVIER finder

Gilles Barthe finder

Marcel Böhme finder

References

github.com/wolfSSL/wolfssl/pull/9148

cve.org (CVE-2025-13912)

nvd.nist.gov (CVE-2025-13912)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.