PT-2025-50637 · Wolfssl+1
Gilles Barthe +3
Published: 2025-12-11
Updated: 2026-01-03
CVE-2025-13912
CVSS v4.0: 1.0 (Low)
Vector: AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
wolfSSL versions prior to 5.8.4
Description
LLVM optimizations may compile certain constant-time implementations within wolfSSL into non-constant-time binaries. The resulting code can exhibit observable timing discrepancies, potentially leading to information disclosure through timing side-channel attacks.
Recommendations
Update to wolfSSL version 5.8.4 or later.
Fix
Side Channel Attack
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Wolfssl