Package details: pkg:deb/debian/wolfssl@5.8.4-1?distro=trixie
Vulnerabilities affecting this package (0)
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (9)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8735-ectc-j7a3 | With TLS 1.2 connections, a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest. | CVE-2025-12889 |
| VCID-9kev-ferz-5bhr | Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks. | CVE-2025-13912 |
| VCID-cxhw-3w24-dkes | The server previously verified the TLS 1.3 PSK binder using a non-constant-time method, which could potentially leak information about the PSK binder. | CVE-2025-11932 |
| VCID-gcfd-w8je-kqfm | With TLS 1.3 pre-shared key (PSK), a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share extension. The re-use of an authenticated PSK connection that on the client's side unexpectedly did not have PFS reduces the security of the connection. | CVE-2025-11935 |
| VCID-gdur-h588-vbb6 | Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example, when a client sends ECDSA P521 as the supported signature algorithm, the server previously could respond with ECDSA P256 as the accepted signature algorithm, and the connection would continue using ECDSA P256 if the client supports ECDSA P256. | CVE-2025-11934 |
| VCID-hk8r-kk4v-1fa7 | Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa, it is recommended to use the low-memory implementations of X25519, which are now turned on as the default for Xtensa. | CVE-2025-12888 |
| VCID-khur-3ax7-9fhb | Integer underflow leads to out-of-bounds access in XChaCha20-Poly1305 decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt(), which is not used with TLS connections, only from direct calls from an application. | CVE-2025-11931 |
| VCID-njbj-f91t-b7f4 | Improper input validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions. | CVE-2025-11933 |
| VCID-xxkx-w5pc-5uap | Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing. | CVE-2025-11936 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-03T07:57:44.560338+00:00 | Debian Importer | Fixing | VCID-9kev-ferz-5bhr | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:57:44.519066+00:00 | Debian Importer | Fixing | VCID-8735-ectc-j7a3 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:57:44.474008+00:00 | Debian Importer | Fixing | VCID-hk8r-kk4v-1fa7 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:57:44.428591+00:00 | Debian Importer | Fixing | VCID-xxkx-w5pc-5uap | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:57:44.383226+00:00 | Debian Importer | Fixing | VCID-gcfd-w8je-kqfm | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:57:44.336973+00:00 | Debian Importer | Fixing | VCID-gdur-h588-vbb6 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:57:44.291063+00:00 | Debian Importer | Fixing | VCID-njbj-f91t-b7f4 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:57:44.245346+00:00 | Debian Importer | Fixing | VCID-cxhw-3w24-dkes | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:57:44.198428+00:00 | Debian Importer | Fixing | VCID-khur-3ax7-9fhb | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |