Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-n64w-nq6a-m7bv

Summary In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis.

Aliases

alias	CVE-2026-3580

Fixed_packages

url	pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
purl	pkg:deb/debian/wolfssl@5.9.0-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.1%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
purl	pkg:deb/debian/wolfssl@5.9.0-0.2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2%3Fdistro=trixie

url	pkg:deb/debian/wolfssl@5.9.0-0.2
purl	pkg:deb/debian/wolfssl@5.9.0-0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.9.0-0.2

Affected_packages

url pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2

purl pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6n4g-us9a-53g4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cum2-vp1j-syfc

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f4gq-hqcp-dqe2

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2

url pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/wolfssl@4.6.0%2Bp1-0%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6n4g-us9a-53g4

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cum2-vp1j-syfc

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f4gq-hqcp-dqe2

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@4.6.0%252Bp1-0%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2

purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2

url pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/wolfssl@5.5.4-2%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1u3q-52yd-1bhe

vulnerability	VCID-24s5-d6jt-4kfe

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-47nm-nte5-27fm

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-7xbp-qkvv-bqgm

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9hdy-aqa2-w3bd

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-dpu2-4w42-kygw

vulnerability	VCID-euma-vgqx-sbau

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-su8x-6n42-n3d5

vulnerability	VCID-u24a-2khf-uyba

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xfgd-4hs3-vygk

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

vulnerability	VCID-zhf4-y8v8-gubn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.5.4-2%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1

purl pkg:deb/debian/wolfssl@5.7.2-0.1%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ry7-trrg-gfdk

vulnerability	VCID-4zda-zrq6-hbc8

vulnerability	VCID-6v8z-cfax-zqbh

vulnerability	VCID-8735-ectc-j7a3

vulnerability	VCID-9jpj-dfsf-qkce

vulnerability	VCID-9jw2-3v9v-ruap

vulnerability	VCID-9kev-ferz-5bhr

vulnerability	VCID-9x14-2t7m-1kbm

vulnerability	VCID-cxhw-3w24-dkes

vulnerability	VCID-f57c-kamk-3bct

vulnerability	VCID-fmtp-x6y7-83g1

vulnerability	VCID-gcfd-w8je-kqfm

vulnerability	VCID-gdur-h588-vbb6

vulnerability	VCID-gmdj-a1ys-tqc2

vulnerability	VCID-h6na-nxxq-5yg9

vulnerability	VCID-hk8r-kk4v-1fa7

vulnerability	VCID-jxf4-y1au-5bhw

vulnerability	VCID-khur-3ax7-9fhb

vulnerability	VCID-n64w-nq6a-m7bv

vulnerability	VCID-njbj-f91t-b7f4

vulnerability	VCID-uvht-9bt9-hfbb

vulnerability	VCID-v3m6-zajw-bfhb

vulnerability	VCID-xuyn-pjpb-g7du

vulnerability	VCID-xxkx-w5pc-5uap

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wolfssl@5.7.2-0.1%252Bdeb13u1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-3580

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02053
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02057
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02074
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0208
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02075
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02077
published_at	2026-04-08T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02094
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02072
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-3580

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3580
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3580

reference_url

https://github.com/wolfSSL/wolfssl/pull/9855

reference_id

9855

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T20:25:11Z/

url

https://github.com/wolfSSL/wolfssl/pull/9855

Weaknesses

cwe_id	203
name	Observable Discrepancy
description	The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Exploits

Severity_range_score 2.1 - 2.1

Exploitability 0.5

Weighted_severity 1.9

Risk_score 0.9

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n64w-nq6a-m7bv

Vulnerability Instance