A recently disclosed vulnerability in wolfSSL’s XChaCha20‑Poly1305 implementation—tracked as CVE‑2025‑11931—can trigger an integer underflow that leads to an out‑of‑bounds memory access when an application calls the library’s direct decrypt API. wolfSSL published a rapid fix and incorporated the...
