Observable Discrepancy
CVE-2025-13912
Summary
Multiple constant-time implementations in wolfSSL prior to version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks.
- HIGH
- LOCAL
- PASSIVE
- HIGH
CWE-203 - Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
References
Advisory Timeline
- Published
