Description
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.
Published: 2026-03-19
Score: 2.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: Timing side‑channel may leak cryptographic secrets.
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from a lack of a constant‑time implementation for the __muldi3 subroutine on RISC‑V RV32I, causing the compiler‑injected 64‑bit multiplication to take variable time depending on the operands. This creates a timing side‑channel that can expose private keys or other sensitive data processed by wolfSSL’s SP math functions such as sp_256_mul_9 and sp_256_sqr_9. The weakness is classified as CWE‑203.

Affected Systems

wolfSSL version 5.8.4 running on RISC‑V RV32I architecture. The issue manifests in all instances that use the affected SP math functions in the library; no other vendors or products are listed.

Risk and Exploitability

CVSS is 2.1 and EPSS is below 1%, with no KEV listing, indicating modest base severity. However, an attacker who can repeatedly invoke the multiplication routine and measure its timing can potentially recover secret data. The likely attack vector is timing analysis of the multiply routine, inferred from the description's statement that execution time varies with operand values. Because the problem rests on observable timing differences, the risk is not negligible for systems performing sensitive cryptographic operations.

Generated by OpenCVE AI on March 23, 2026 at 20:42 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update wolfSSL to a version that includes the fixed __muldi3 implementation (see the GitHub pull request for details).
  • Verify that the new build uses a constant‑time multiplication routine for 64‑bit operations.
  • If an immediate update is not possible, isolate the cryptographic workload from external traffic and consider replacing the affected functions with a constant‑time alternative if available.
  • Stay informed of further advisories or patches by subscribing to wolfSSL releases and monitoring security mailing lists.

Generated by OpenCVE AI on March 23, 2026 at 20:42 UTC.
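One way to satisfy the second recommended action above, as an added example that is neither wolfSSL's nor libgcc's code: a software 64-bit multiply with a fixed iteration count and a branch-free mask select, which is the shape a constant-time __muldi3 replacement takes on RV32I, a base ISA without multiply instructions. The function names and the test inputs are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Multiply a by the low `nbits` bits of b, mod 2^64, with a fixed
 * iteration count and no data-dependent branch. nbits must be a public
 * constant (32 or 64 below), never something derived from secret data. */
static uint64_t ct_mul_loop(uint64_t a, uint64_t b, int nbits)
{
    uint64_t acc = 0;
    for (int i = 0; i < nbits; i++) {
        /* all-ones when bit i of b is set, all-zeros otherwise */
        uint64_t mask = (uint64_t)0 - ((b >> i) & 1u);
        acc += a & mask;   /* 64-bit and/add: fixed-time on RV32I */
        a <<= 1;           /* a * 2^(i+1), wrapping mod 2^64 like the product */
    }
    return acc;
}

/* Same contract as libgcc's __muldi3: the low 64 bits of a 64x64 product. */
uint64_t ct_muldi3(uint64_t a, uint64_t b)
{
    return ct_mul_loop(a, b, 64);
}

/* Full 64-bit product of two 32-bit SP digits, the operation behind
 * sp_256_mul_9 / sp_256_sqr_9; 32 iterations suffice because the
 * multiplier has only 32 bits. */
uint64_t ct_digit_mul(uint32_t x, uint32_t y)
{
    return ct_mul_loop((uint64_t)x, (uint64_t)y, 32);
}

/* Functional self-check against the compiler's own multiply (which may
 * itself be __muldi3): only results are compared here, not timing.
 * Returns 1 when every constructed case matches, 0 otherwise. */
int ct_mul_selfcheck(void)
{
    static const uint64_t cases[][2] = {   /* constructed test inputs */
        {0, 0}, {1, 0xFFFFFFFFFFFFFFFFull}, {0x1FFFFFFFu, 0x1FFFFFFFu},
        {0xFFFFFFFFu, 0xFFFFFFFFu}, {0x123456789ABCDEF0ull, 0xFEDCBA9876543210ull},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint64_t a = cases[i][0], b = cases[i][1];
        if (ct_muldi3(a, b) != a * b) return 0;
        if (a <= UINT32_MAX && b <= UINT32_MAX &&
            ct_digit_mul((uint32_t)a, (uint32_t)b) != a * b) return 0;
    }
    return 1;
}
```

After building for the target, confirm in the disassembly (for example with objdump -d on the object) that the loop body contains no operand-dependent branch and that the compiler has not reintroduced a call to __muldi3 or __mulsi3.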


Advisories

No advisories yet.

History

Tue, 24 Mar 2026 02:30:00 +0000

Type | Values Removed | Values Added
Metrics ssvc | | {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 19:00:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:wolfssl:wolfssl:5.8.4:*:*:*:*:*:*:*
Metrics cvssV3_1 | | {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Fri, 20 Mar 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wolfssl; Wolfssl wolfssl
Vendors & Products | | Wolfssl; Wolfssl wolfssl

Thu, 19 Mar 2026 19:45:00 +0000

Type | Values Removed | Values Added
Description | | wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.
Title | | Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I
Weaknesses | | CWE-203
References | |
Metrics cvssV4_0 | | {'score': 2.1, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: wolfSSL

Published:

Updated: 2026-03-24T01:36:54.479Z

Reserved: 2026-03-05T00:16:14.629Z

Link: CVE-2026-3579

Vulnrichment

Updated: 2026-03-24T01:36:50.169Z

NVD

Status: Analyzed

Published: 2026-03-19T20:16:14.300

Modified: 2026-03-23T18:56:41.667

Link: CVE-2026-3579

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T11:55:11Z

Weaknesses