GHSA-2mmq-prpj-ww9q

Published: 22 Nov 2025
Source: github
GitHub: Unreviewed
CVSS4: 6.3
CVSS3: 5.3

Description

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing.

EPSS

Percentile: 7%
0.00027
Low

6.3 Medium

CVSS4

5.3 Medium

CVSS3

Weaknesses

CWE-20

Related vulnerabilities

CVSS3: 5.3
ubuntu
3 months ago

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing.

CVSS3: 5.3
nvd
3 months ago

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing.

msrc
2 months ago

Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello

CVSS3: 5.3
debian
3 months ago

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolf ...
