Security Advisory

CVE-2026-3579

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-19 19:37:23

Last updated 2026-03-24 01:36:54

Assigner wolfSSL

State PUBLISHED

Description

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data.

← Browse all CVEs View on cve.org ↗