DoS Vulnerability in wolfSSL TLS 1.3 CKS Extension

...

CVE-2025-11933

Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...

UBUNTU-CVE-2025-11933

Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...

PT-2025-47810

Name of the Vulnerable Software and Affected Versions wolfSSL versions 5.8.2 and earlier Description A flaw exists in the processing of TLS 1.3 CKS extensions within wolfSSL. This improper input validation can be triggered by a specially crafted ClientHello message containing duplicate CKS...

gnutls: Use after free in client key_share extension

A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and denial of service...

Moderate: gnutls and nettle security, bug fix, and enhancement update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages...

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

...

ALPINE-CVE-2021-20231

A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other consequences...

UBUNTU-CVE-2021-20231

A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other consequences...