CVE-2026-3580
Received Received - Intake

Timing Side-Channel Leak in wolfSSL ECC Scalar Multiplication

Vulnerability report for CVE-2026-3580, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-19

Last updated on: 2026-03-23

Assigner: wolfSSL Inc.

Description

In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-19
Last Modified
2026-03-23
Generated
2026-07-06
AI Q&A
2026-03-19
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wolfssl wolfssl 5.8.4

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-203 The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

In wolfSSL version 5.8.4, a specific part of the code responsible for constant-time masking in the function sp_256_get_entry_256_9 is altered by the GCC compiler when optimized for RISC-V RV32I architecture with the -O3 flag.

This optimization changes the constant-time masking logic into conditional branches, which breaks the intended side-channel resistance during ECC scalar multiplication.

As a result, a local attacker could potentially exploit timing analysis to recover secret cryptographic keys.

Impact Analysis

This vulnerability can allow a local attacker to perform timing analysis attacks on ECC scalar multiplication operations.

By exploiting this, the attacker may recover secret cryptographic keys, which compromises the confidentiality and security of cryptographic operations relying on wolfSSL 5.8.4 on RISC-V RV32I platforms.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3580. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart