wolfSSL Constant-Time Logic Vulnerability in ECC Scalar Multiplication on RISC-V RV32I

Vulnerability

A vulnerability in wolfSSL version 5.8.4 allows for side-channel attacks on ECC scalar multiplication. The issue arises because constant-time masking logic is optimized into conditional branches by GCC when targeting RISC-V RV32I with optimization level 3. This transformation breaks the side-channel resistance, potentially enabling a local attacker to recover secret keys through timing analysis.
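The pattern at issue, as an added example that is not wolfSSL's code and not the project's fix: a masked conditional swap of the kind commonly used in constant-time scalar multiplication, next to a variant that hides the mask from the optimizer with an empty inline-asm value barrier (a widely used mitigation, not a guarantee). All function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical helper names for illustration; not wolfSSL identifiers. */

/* bit (0 or 1) -> mask (0x00000000 or 0xFFFFFFFF). The optimizer can
 * prove the mask is two-valued and may rewrite its uses as a branch. */
static uint32_t ct_mask_plain(uint32_t bit)
{
    return (uint32_t)0 - (bit & 1u);
}

/* Same mask, passed through an empty asm statement. The compiler must
 * treat the register as modified, so it can no longer prove the mask
 * is two-valued when it optimizes the code that consumes it. */
static uint32_t ct_mask_barrier(uint32_t bit)
{
    uint32_t mask = (uint32_t)0 - (bit & 1u);
#if defined(__GNUC__) || defined(__clang__)
    __asm__ volatile("" : "+r"(mask));
#endif
    return mask;
}

/* Swap a and b when mask is all-ones, leave them when it is zero. */
static void cswap_words(uint32_t *a, uint32_t *b, size_t n, uint32_t mask)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t t = (a[i] ^ b[i]) & mask;
        a[i] ^= t;
        b[i] ^= t;
    }
}

void ct_cswap_plain(uint32_t *a, uint32_t *b, size_t n, uint32_t bit)
{
    cswap_words(a, b, n, ct_mask_plain(bit));
}

void ct_cswap_barrier(uint32_t *a, uint32_t *b, size_t n, uint32_t bit)
{
    cswap_words(a, b, n, ct_mask_barrier(bit));
}

int main(void)
{
    uint32_t a[2] = {1u, 2u}, b[2] = {3u, 4u}; /* constructed sample */
    ct_cswap_barrier(a, b, 2, 1u);
    return (a[0] == 3u && b[1] == 2u) ? 0 : 1;
}
```

Both variants return identical results, so a functional test cannot tell them apart; the check that matters is compiling with the affected configuration (GCC, RV32I, optimization level 3) and inspecting the emitted assembly for conditional branches that depend on `bit`.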

Impact

Exploitation of this vulnerability could lead to the recovery of secret keys via timing analysis, undermining the security of ECC operations.

Added: Mar 19, 2026, 8:20 PM
Updated: Mar 19, 2026, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 3.5
remediation: 0.0
relevance: 4.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.