The following key information about the vulnerabilities can be obtained from this web page screenshot:

Key vulnerability information

1. Vulnerabilities Section
   - CVE-2025-12888:
     - Description: Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips.
     - Severity: Low
     - Fixed in PR: 9275
     - Solution: If targeting Xtensa, use the low memory implementations of X25519, which is now turned on as the default for Xtensa.
   - CVE-2025-11936:
     - Description: Potential DoS vulnerability due to a memory leak through multiple KeyShareEntry with the same group in malicious TLS 1.3 ClientHello messages.
     - Severity: Medium
     - Fixed in PR: 9117
     - Solution: Link to fix
   - CVE-2025-11935:
     - Description: PSK with PFS (Perfect Forward Secrecy) downgrades to PSK without PFS during TLS 1.3 handshake.
     - Severity: Low
     - Fixed in PR: 9112
   - CVE-2025-11934:
     - Description: Signature Algorithm downgrade from ECDSA P521 to P256 during TLS 1.3 handshake.
     - Severity: Low
     - Fixed in PR: 9113
   - CVE-2025-11933:
     - Description: DoS Vulnerability in wolfSSL TLS 1.3 CKS extension parsing.
     - Severity: Low
     - Fixed in PR: 9132
   - CVE-2025-11931:
     - Description: Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305_Decrypt.
     - Severity: Low
     - Fixed in PR: 9223
   - CVE-2025-11932:
     - Description: Timing Side-Channel in PSK Binder Verification.
     - Severity: Low
     - Fixed in PR: 9223
   - CVE-2025-12889:
     - Description: With TLS 1.2 connections a client can use any digest, specifically a weaker digest, rather than those in the CertificateRequest.
     - Severity: Low
     - Fixed in PR: 9395
2. Fixes and Improvements
   - Numerous bug fixes and optimizations have been implemented, improving the overall security and performance of the library. Specific fixes include:
     - Fix for memory leaks
     - Improvements in TLS 1.2/DTLS handling
     - Enhanced testing and benchmarking
3. Additional Resources
   - For more details on vulnerabilities, refer to the vulnerability page.

This key information can help in understanding and resolving vulnerabilities that may affect the security of the wolfSSL project.
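
For CVE-2025-11936, RFC 8446 (section 4.2.8) forbids a client from offering more than one KeyShareEntry for the same group and lets a server abort with `illegal_parameter` when it sees one. The following is an added example, not wolfSSL's code or the fix from PR 9117: a bounds-checked validator for the ClientHello `key_share` extension data that rejects duplicate groups before anything is kept per entry. The function name, return codes, entry cap and sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { KS_OK = 0, KS_MALFORMED = -1, KS_DUPLICATE = -2, KS_MAX_ENTRIES = 16 /* assumed cap */ };

/* Constructed key_share extension_data samples (2-byte dummy keys, not real shares). */
static const uint8_t ks_ok[]    = {0,12, 0,0x1d,0,2,0xaa,0xbb, 0,0x17,0,2,0xcc,0xdd};
static const uint8_t ks_dup[]   = {0,12, 0,0x1d,0,2,0xaa,0xbb, 0,0x1d,0,2,0xcc,0xdd};
static const uint8_t ks_trunc[] = {0,12, 0,0x1d,0,9,1,2,3,4,5,6,7,8};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate client_shares<0..2^16-1>, a list of
 * { NamedGroup group; opaque key_exchange<1..2^16-1>; } (RFC 8446, 4.2.8). */
int check_client_key_shares(const uint8_t *ext, size_t len)
{
    uint16_t seen[KS_MAX_ENTRIES];
    size_t nseen = 0, off = 2, i;
    if (len < 2 || (size_t)rd16(ext) != len - 2)
        return KS_MALFORMED;                 /* list length must match exactly */
    while (off < len) {
        uint16_t group, klen;
        if (len - off < 4)
            return KS_MALFORMED;             /* no room for group + key length */
        group = rd16(ext + off);
        klen  = rd16(ext + off + 2);
        off  += 4;
        if (klen == 0 || klen > len - off)
            return KS_MALFORMED;             /* key must fit in the bytes that remain */
        for (i = 0; i < nseen; i++)
            if (seen[i] == group)
                return KS_DUPLICATE;         /* reject before storing anything per entry */
        if (nseen == KS_MAX_ENTRIES)
            return KS_MALFORMED;             /* more entries than this example tracks */
        seen[nseen++] = group;
        off += klen;
    }
    return KS_OK;
}

int main(void)
{
    printf("ok=%d dup=%d trunc=%d\n",
           check_client_key_shares(ks_ok, sizeof ks_ok),
           check_client_key_shares(ks_dup, sizeof ks_dup),
           check_client_key_shares(ks_trunc, sizeof ks_trunc));
    return 0;
}
```

A server-side caller would map `KS_DUPLICATE` to an `illegal_parameter` alert and `KS_MALFORMED` to a `decode_error` alert.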