CVE-2026-3579
Timing Side-Channel in wolfSSL 5.8.4 on RISC-V RV32I
Publication date: 2026-03-19
Last updated on: 2026-03-23
Assigner: wolfSSL Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | 5.8.4 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in wolfSSL version 5.8.4 running on RISC-V RV32I architectures that lack hardware multiplication instructions. The software uses a compiler-inserted multiplication subroutine (__muldi3) for 64-bit multiplication, which executes in variable time depending on the operand values.
Because the multiplication is not constant-time, it affects several cryptographic functions (such as sp_256_mul_9 and sp_256_sqr_9), creating a timing side-channel. This side-channel can potentially leak sensitive cryptographic data by allowing attackers to infer information based on how long operations take.
How can this vulnerability impact me?
The timing side-channel caused by variable-time 64-bit multiplication can expose sensitive cryptographic data processed by wolfSSL on affected RISC-V RV32I systems.
An attacker with the ability to measure operation timing could exploit this to gain information about cryptographic keys or other secret data, potentially compromising the confidentiality and security of communications or data protected by wolfSSL.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update wolfSSL to version 5.9.0 or later, which includes a patch implementing a constant-time software multiplication function (__muldi3) for RISC-V 32-bit architectures lacking the hardware multiplication extension.
This patch ensures that the multiplication subroutine executes in constant time, preventing timing side-channel leaks of sensitive cryptographic data.
Additionally, ensure that your build environment defines the macro SP_NO_MUL_INSTRUCTION when compiling for RISC-V 32-bit without the multiplication extension to enable the constant-time implementation.
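The difference between a variable-time and a constant-time software multiply, as an added example that is not wolfSSL's or libgcc's code: `mul64_variable`, `mul64_ct` and the step counters are hypothetical names, and the operands are constructed. Step counts stand in for execution time on a core without a hardware multiplier.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative variable-time shift-and-add multiply (NOT libgcc's __muldi3).
 * The loop stops once b has no set bits left and the add is skipped for
 * zero bits, so the amount of work depends on the operand value. */
uint64_t mul64_variable(uint64_t a, uint64_t b, unsigned *steps)
{
    uint64_t r = 0;
    *steps = 0;
    while (b != 0) {                 /* data-dependent loop bound */
        if (b & 1) {                 /* data-dependent branch */
            r += a;
            (*steps)++;
        }
        a <<= 1;
        b >>= 1;
        (*steps)++;
    }
    return r;
}

/* Constant-time form: always 64 rounds, add selected by a mask, no operand-dependent branch. */
uint64_t mul64_ct(uint64_t a, uint64_t b, unsigned *steps)
{
    uint64_t r = 0;
    *steps = 0;
    for (int i = 0; i < 64; i++) {
        uint64_t mask = 0 - (b & 1); /* all ones if the bit is set, else zero */
        r += a & mask;
        a <<= 1;
        b >>= 1;
        (*steps)++;
    }
    return r;
}

int main(void)
{
    /* Constructed operands: a small multiplier and a dense one. */
    uint64_t a = 0x0123456789abcdefULL, small = 3, dense = UINT64_MAX;
    unsigned s1, s2, c1, c2;
    mul64_variable(a, small, &s1);
    mul64_variable(a, dense, &s2);
    mul64_ct(a, small, &c1);
    mul64_ct(a, dense, &c2);
    printf("variable: %u vs %u steps; constant: %u vs %u steps\n", s1, s2, c1, c2);
    return 0;
}
```

A compiler can turn masked arithmetic back into branches, so the generated assembly for the actual target should be inspected before relying on source-level constant-time code.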