Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://github.com/wolfSSL/wolfssl/pull/9223 |
Configurations
No configuration.
History
21 Nov 2025, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-11-21 23:15
Updated : 2025-11-25 22:16
NVD link : CVE-2025-11931
Mitre link : CVE-2025-11931
CVE.ORG link : CVE-2025-11931
JSON object : View
Products Affected
No product.
CWE
CWE-191
Integer Underflow (Wrap or Wraparound)