CNNVD-202512-2164 Information

CNNVD ID

CNNVD-202512-2164

Related CVE

CVE-2025-13912

• CNNVD Published: 2025-12-11

Description (Chinese)

wolfSSL（CyaSSL）是美国wolfSSL公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 wolfSSL 5.8.4之前版本存在安全漏洞，该漏洞源于LLVM优化导致时序差异，可能通过时序侧信道泄露信息。

Description (English)

WolfSSL (CyaSSL) is a small, portable, embedded SSL programming library for embedded system developers in the United States of America. There is a security loophole in the previous version of WolfSSL 5.8.4, which stems from time-series differences caused by LLVM optimization and which may leak information through a time-series channel.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

wolfSSL

Published

2025-12-11

Last Modified

2026-02-24

References

https://github.com/wolfSSL/wolfssl/pull/9148 https://access.redhat.com/security/cve/cve-2025-13912

Patch

https://www.wolfssl.com/download/