CVE-2025-11934

NameCVE-2025-11934
DescriptionImproper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256, if the client supports ECDSA P256.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1121199

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wolfssl (PTS)bullseye4.6.0+p1-0+deb11u2vulnerable
bookworm5.5.4-2+deb12u2vulnerable
trixie5.7.2-0.1+deb13u1vulnerable
forky, sid5.8.2-1.2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wolfsslsource(unstable)(unfixed)1121199

Notes

https://github.com/wolfSSL/wolfssl/pull/9113
Fixed by: https://github.com/wolfSSL/wolfssl/commit/2810656242f18b813c1fbea117f68ac19193381f (v5.8.4-stable)
Search for package or bug name: Reporting problems