VDB
CVE-2026-3579
CVE-2026-3579
PUBLISHED
CVSS 2.0999999046325684 LOW
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.
EPSS 0.01% · 1.7th percentile
Risk Scores
CVSS v4.0
2.0999999046325684
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
EPSS Score
0.01%
1.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| wolfSSL | wolfSSL | 0, 0, 0 |
| wolfssl | wolfssl | 5.8.4, 5.8.4, 5.8.4 |
Timeline
- Mar 19, 2026 PoC Published
- Mar 19, 2026 CVE Published
- Mar 20, 2026 EPSS Score
- Mar 20, 2026 Coalition ESS Score
- Mar 21, 2026 EPSS Score
- Mar 21, 2026 Coalition ESS Score
- Mar 22, 2026 EPSS Score
- Mar 23, 2026 EPSS Score
- Mar 24, 2026 EPSS Score
- Mar 24, 2026 CVE Updated
- Mar 25, 2026 EPSS Score
- Mar 29, 2026 Security Advisory