CVE-2026-3503

Published: Mar 19, 2026 Last Modified: Mar 19, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,3

Source: [email protected]

Attack Vector: physical

Attack Complexity: high

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion.

This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6.

335

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Other

Potential Impacts:

Bypass Protection Mechanism Other

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/wolfSSL/wolfssl/pull/9734

CVE-2026-3503

Description

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Common Consequences

Applicable Platforms

Iscriviti alla newsletter