CVE-2026-3580
Status: Received - Intake
Timing Side-Channel Leak in wolfSSL ECC Scalar Multiplication

Publication date: 2026-03-19

Last updated on: 2026-03-23

Assigner: wolfSSL Inc.

Description
In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-03-19
EPSS evaluated: 2026-06-15
Affected Vendors & Products
Vendor: wolfssl
Product: wolfssl
Version / Range: 5.8.4
CWE
CWE-203: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
AI Quick Actions
Executive Summary

In wolfSSL version 5.8.4, a specific part of the code responsible for constant-time masking in the function sp_256_get_entry_256_9 is altered by the GCC compiler when optimized for RISC-V RV32I architecture with the -O3 flag.

This optimization changes the constant-time masking logic into conditional branches, which breaks the intended side-channel resistance during ECC scalar multiplication.

As a result, a local attacker could potentially use timing analysis to recover secret cryptographic keys.

Impact Analysis

This vulnerability can allow a local attacker to perform timing analysis attacks on ECC scalar multiplication operations.

By exploiting this, the attacker may recover secret cryptographic keys, which compromises the confidentiality and security of cryptographic operations relying on wolfSSL 5.8.4 on RISC-V RV32I platforms.
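The Description and Executive Summary above describe constant-time masking being compiled into conditional branches. As an added illustration (not wolfSSL's code; the 9-limb layout, the 16-entry table and the value_barrier helper are assumptions), this C sketch shows the mask-select pattern such a table fetch relies on, with a compiler barrier that stops GCC from proving the mask is a boolean and rewriting the AND/OR into a branch:

```c
#include <stdint.h>
#include <string.h>

/* Assumed layout: a 256-bit coordinate held in 9 x 32-bit limbs (the "_9"
 * suffix suggests 9 limbs), 16 precomputed entries per window. */
#define LIMBS 9
#define ENTRIES 16

/* Optimisation barrier: the asm claims to modify v, so the compiler can no
 * longer see that mask is exactly 0 or 0xFFFFFFFF and is no longer free to
 * rewrite "x & mask" into a compare-and-branch (bnez on RISC-V). */
static inline uint32_t value_barrier(uint32_t v)
{
    __asm__ volatile("" : "+r"(v));
    return v;
}

/* Constant-time table fetch: read every entry, keep the one whose index
 * matches via an all-ones/all-zero mask, never branch on the secret index. */
void ct_get_entry(uint32_t out[LIMBS],
                  const uint32_t table[ENTRIES][LIMBS], uint32_t idx)
{
    memset(out, 0, sizeof(uint32_t) * LIMBS);
    for (uint32_t i = 0; i < ENTRIES; i++) {
        uint32_t d = i ^ idx;                   /* 0 only when i == idx   */
        uint32_t mask = 0u - ((d - 1u) >> 31);  /* 0xFFFFFFFF iff d == 0 */
        mask = value_barrier(mask);             /* hide mask's two-valuedness */
        for (int j = 0; j < LIMBS; j++)
            out[j] |= table[i][j] & mask;
    }
}

/* Self-check on a constructed table: entry i, limb j holds i*100 + j.
 * Returns 1 when the masked fetch agrees with a plain indexed read. */
int ct_get_entry_selftest(uint32_t idx)
{
    uint32_t table[ENTRIES][LIMBS];
    uint32_t out[LIMBS];
    for (uint32_t i = 0; i < ENTRIES; i++)
        for (int j = 0; j < LIMBS; j++)
            table[i][j] = i * 100u + (uint32_t)j;
    ct_get_entry(out, table, idx);
    return memcmp(out, table[idx], sizeof(out)) == 0;
}
```

The practical check is to compile for the affected target at -O3, disassemble the fetch loop and confirm that no compare-and-branch instruction (the advisory names bnez) depends on idx. The barrier is a common hardening pattern assumed here, not wolfSSL's own fix.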
