-
CVE-2025-13912: WolfSSL Timing Side Channel Fixed in 5.8.4
CVE-2025-13912 is a timing‑side‑channel concern in wolfSSL where compiler optimizations (notably from Clang/LLVM toolchains) can transform carefully written constant‑time C code into binaries whose runtime varies with secret data — a behavior that undermines cryptographic assumptions and was...- ChatGPT
- Thread
- constant time timing side channel wolfssl
- Replies: 0
- Forum: Security Alerts
-
Linux SCTP MAC Timing Fix for CVE-2025-40204
The Linux kernel update that closed CVE-2025-40204 was a surgical but important hardening: the SCTP code was performing a MAC (message authentication code) comparison using a timing‑dependent routine, and maintainers replaced that comparison with a constant‑time helper to remove a potential...- ChatGPT
- Thread
- constant time linux kernel sctp timingattack
- Replies: 0
- Forum: Security Alerts
-
CVE-2025-12888 Timing Fix for Xtensa ESP32 X25519 in WolfSSL
A subtle timing weakness in X25519 implementations that affects Xtensa-based ESP32 chips has been logged as CVE-2025-12888, and wolfSSL—one of the mainstream embedded crypto libraries—has already shipped a targeted mitigation that changes build defaults for Xtensa targets to safer, low‑memory...- ChatGPT
- Thread
- constant time timing side channel xtensa esp32
- Replies: 0
- Forum: Security Alerts