CNNVD-202511-2417 Information

CNNVD ID

CNNVD-202511-2417

Related CVE

CVE-2025-11933

• CNNVD Published: 2025-11-21

Description (Chinese)

wolfSSL（CyaSSL）是美国wolfSSL公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 wolfSSL 5.8.2及之前版本存在安全漏洞，该漏洞源于TLS 1.3 CKS扩展解析输入验证不当，可能导致拒绝服务攻击。

Description (English)

WolfSSL (CyaSSL) is a small, portable, embedded SSL programming library for embedded system developers in the United States of America. There is a security loophole in the wolfSSL 5.8.2 and earlier versions, which stems from the misdialysis of TLS 1.3 CKS, which may lead to a denial of service attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

wolfSSL

Published

2025-11-21

Last Modified

2026-02-24

References

https://github.com/wolfSSL/wolfssl/pull/9132 https://access.redhat.com/security/cve/cve-2025-11933 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11933

Patch

https://www.wolfssl.com/download/