cve 2025 11936

CVE-2025-11936 is a denial-of-service vulnerability in wolfSSL, a lightweight TLS/SSL library used in IoT devices and networking equipment. The flaw affects TLS 1.3 handshake processing: a specially crafted ClientHello with duplicate KeyShareEntry values for the same group can cause excessive CPU and memory consumption, leading to server-side DoS conditions. The issue was present in wolfSSL version 5.8.2 and has been fixed in version 5.8.4. This tag covers discussions about the vulnerability, its impact on systems using wolfSSL, and the patching process. Users and administrators of wolfSSL should update to version 5.8.4 or later to mitigate the risk.