CNNVD-202511-2416 Information
CNNVD ID
CNNVD-202511-2416
Related CVE
- CNNVD Published: 2025-11-21
Description (Chinese)
wolfSSL(CyaSSL)是美国wolfSSL公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 wolfSSL(CyaSSL) 5.8.2及之前版本存在安全漏洞,该漏洞源于TLS 1.3 CertificateVerify签名算法协商输入验证不当,可能导致签名算法降级。
Description (English)
WolfSSL (CyaSSL) is a small, portable, embedded SSL programming library for embedded system developers in the United States of America. There is a security loophole in the WolfSSL (CyaSSL) 5.8.2 et seq., which stems from the miscertification of the TLS 1.3 CertificateVerify signature algorithm, which may lead to a downgrading of the signature algorithm.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
wolfSSL
Published
2025-11-21
Last Modified
2026-02-24
References
https://github.com/wolfSSL/wolfssl https://github.com/wolfSSL/wolfssl/pull/9113 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11934 https://access.redhat.com/security/cve/cve-2025-11934
Patch
https://github.com/wolfSSL/wolfssl/releases
Share on: