CVE-2025-11934

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-11934
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11934.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-11934
Downstream
Published
2025-11-21T23:15:44.540Z
Modified
2026-03-14T12:41:34.132691Z
Severity
  • 2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256, if the client supports ECDSA P256.

References

Affected packages

Git / github.com/wolfssl/wolfssl

Affected ranges

Type
GIT
Repo
https://github.com/wolfssl/wolfssl
Events
Introduced
decea12e223869c8f8f3ab5a53dc90b69f436eb2
Fixed
59f4fa568615396fbf381b073b220d1e8d61e4c2
Database specific 
{
    "versions": [
        {
            "introduced": "5.8.2"
        },
        {
            "fixed": "5.8.4"
        }
    ]
}

Affected versions

v5.*
v5.8.2-stable

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11934.json"