CVE-2025-11936

Name of the Vulnerable Software and Affected Versions wolfSSL version 5.8.2

Description A flaw exists in the TLS 1.3 KeyShareEntry parsing within wolfSSL. This issue allows a remote, unauthenticated attacker to trigger a denial-of-service condition. The attack involves sending a specially crafted ClientHello message that includes duplicate KeyShareEntry values for the same supported group. This leads to excessive CPU and memory usage during the processing of the ClientHello message.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.