CVE-2026-3580

UNKNOWN 0.0

Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis.

CWE	CWE-203
Vendor	wolfssl
Product	wolfssl
Published	Mar 19, 2026
Last Updated	Mar 19, 2026

Stay Ahead of the Next One

Get instant alerts for wolfssl wolfssl

Be the first to know when new unknown vulnerabilities affecting wolfssl wolfssl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

wolfSSL / wolfSSL

0 < 5.9.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/wolfSSL/wolfssl/pull/9855

Credits

Wind Wong