CVE-2026-3580 — Observable Discrepancy in Wolfssl

CWE-203 — Observable Discrepancy CWE-20 — Improper Input Validation8 documents7 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 97.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wolfssl Debian Wolfssl Msrc Azl3 Mariadb 10.11.16-1 ON Azure Linux 3.0 +1 more

Timeline

PublishedMar 19

Description

In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages6 packages

▶debiandebian/wolfssl< wolfssl 5.9.0-0.1 (forky)

▶CVEListV5wolfssl/wolfssl< 5.9.0

▶Debianwolfssl/wolfssl< 5.9.0-0.1

▶NVDwolfssl/wolfssl5.8.4

▶msrcmsrc/cbl2_mariadb_10.6.24-1_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CVE-2026-3580: In wolfSSL 5↗2026-03-19

▶

GHSA

GHSA-wm74-pvww-q7h2: In wolfSSL 5↗2026-03-19

▶

📋Vendor Advisories

Microsoft

Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V↗2026-03-10

▶

Debian

CVE-2026-3580: wolfssl - In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optim...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-3580 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶