CVE-2025-11931

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-11931
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11931.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-11931
Downstream
Published
2025-11-21T23:15:43.690Z
Modified
2026-03-12T17:35:30.692421Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
Summary
[none]
Details

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt() which is not used with TLS connections, only from direct calls from an application.

References

Affected packages

Git / github.com/wolfssl/wolfssl

Affected ranges

Type
GIT
Repo
https://github.com/wolfssl/wolfssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
59f4fa568615396fbf381b073b220d1e8d61e4c2
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.8.4"
        }
    ]
}

Affected versions

Other
WCv4-rng-stable
WCv4-stable
l
list
wolfEntropy1
wolfRand-RC2
WCv4.*
WCv4.0-RC5
WCv4.0-RC6
WCv4.0-RC8
WCv4.0-RC9
WCv5.*
WCv5.0-RC10
WCv5.0-RC11
WCv5.0-RC12
WCv5.0-RC9
WCv5.2.1-PILOT
v0.*
v0.5
v1.*
v1.8.8.0
v1.9.0
v2.*
v2.0.2
v2.0.3
v2.0.6
v2.0.8
v2.0rc1
v2.0rc2
v2.0rc2b
v2.0rc3
v2.1.1
v2.1.2
v2.1.4
v2.2.0
v2.2.1
v2.2.2
v2.3.0
v2.4.0
v2.4.2
v2.4.6
v2.4.7
v2.5.0
v2.5.2
v2.5.2b
v2.6.0
v2.6.2
v2.7.0
v2.7.2
v2.8.0
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.5a
v2.8.6
v2.9.0
v2.9.1
v2.9.2
v2.9.4
v3.*
v3.0.0
v3.0.2
v3.1.0
v3.10.0-stable
v3.10.0a
v3.10.2-stable
v3.10.3
v3.10.4
v3.11.0-stable
v3.11.1-tls13-beta
v3.12.0-stable
v3.12.2-stable
v3.13.0-stable
v3.13.2
v3.13.3
v3.14.0-stable
v3.14.0a
v3.14.0b
v3.14.2
v3.14.4
v3.14.5
v3.15.0-stable
v3.15.3-stable
v3.15.5-stable
v3.15.5a
v3.15.6
v3.15.7-stable
v3.15.8
v3.2.0
v3.2.4
v3.2.6
v3.3.0
v3.3.3
v3.4.0
v3.4.2
v3.4.6
v3.4.8
v3.6.0
v3.6.0b
v3.6.2
v3.6.6
v3.6.8
v3.6.9
v3.6.9b
v3.6.9c
v3.6.9d
v3.69.d
v3.7.0
v3.7.1
v3.7.3
v3.8.0
v3.9.0
v3.9.1
v3.9.10-stable
v3.9.10b
v3.9.6
v3.9.6w
v3.9.8
v4.*
v4.0.0-stable
v4.1.0-stable
v4.2.0-stable
v4.2.0c
v4.3.0-stable
v4.4.0-stable
v4.5.0-stable
v4.6.0-stable
v4.7.0-stable
v4.7.1r
v4.8.0-stable
v5.*
v5.0.0-stable
v5.1.0-stable
v5.2.0-stable
v5.2.1
v5.3.0-stable
v5.4.0-stable
v5.5.0-stable
v5.5.1-stable
v5.5.2-stable
v5.5.3-stable
v5.5.4-stable
v5.6.0-stable
v5.6.2-stable
v5.6.3-stable
v5.6.4-stable
v5.6.6-stable
v5.7.0-stable
v5.7.2-stable
v5.7.4-stable
v5.7.6-stable
v5.8.0-stable
v5.8.2-stable
v5.8.4-stable

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11931.json"