CVE-2026-3579
Received Received - Intake
Timing Side-Channel in wolfSSL 5.8.4 on RISC-V RV32I

Publication date: 2026-03-19

Last updated on: 2026-03-23

Assigner: wolfSSL Inc.

Description
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-03-23
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-14
NVD
CVE-2026-3579
EUVD
EUVD-2026-13170
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wolfssl wolfssl 5.8.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-203 The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in wolfSSL version 5.8.4 running on RISC-V RV32I architectures that lack hardware multiplication instructions. The software uses a compiler-inserted multiplication subroutine (__muldi3) for 64-bit multiplication, which executes in variable time depending on the operand values.

Because the multiplication is not constant-time, it affects several cryptographic functions (such as sp_256_mul_9 and sp_256_sqr_9), creating a timing side-channel. This side-channel can potentially leak sensitive cryptographic data by allowing attackers to infer information based on how long operations take.

Impact Analysis

The timing side-channel caused by variable-time 64-bit multiplication can expose sensitive cryptographic data processed by wolfSSL on affected RISC-V RV32I systems.

An attacker with the ability to measure operation timing could exploit this to gain information about cryptographic keys or other secret data, potentially compromising the confidentiality and security of communications or data protected by wolfSSL.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, update wolfSSL to version 5.9.0 or later, which includes a patch implementing a constant-time software multiplication function (__muldi3) for RISC-V 32-bit architectures lacking the hardware multiplication extension.

This patch ensures that the multiplication subroutine executes in constant time, preventing timing side-channel leaks of sensitive cryptographic data.

Additionally, ensure that your build environment defines the macro SP_NO_MUL_INSTRUCTION when compiling for RISC-V 32-bit without the multiplication extension to enable the constant-time implementation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3579. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart