216.73.216.133

CVE-2026-3579

· Published 19/03/2026 20:16 · Modified 20/03/2026 13:39

Labels: CVE-2026-3579 2026-03-19CVE-2026-3579CWE-203[email protected]

Essential information

Published
19/03/2026 20:16
Modified
20/03/2026 13:39
Author
Creator
CVSS
2.1 LOW (v3) 2.1 LOW (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wolfssl / wolfssl cpe:2.3:a:wolfssl:wolfssl:5.8.4:*:*:*:*:*:*:*

References