CVE-2025-11933

Name of the Vulnerable Software and Affected Versions wolfSSL versions 5.8.2 and earlier

Description A flaw exists in the processing of TLS 1.3 CKS extensions within wolfSSL. This improper input validation can be triggered by a specially crafted ClientHello message containing duplicate CKS extensions. A remote, unauthenticated attacker could potentially exploit this to cause a denial-of-service condition.

Recommendations Update wolfSSL to a version later than 5.8.2.