Vulnerability Details CVE-2011-4574
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2011-4574
-
cpe:2.3:a:polarssl:polarssl:0.10.0
-
cpe:2.3:a:polarssl:polarssl:0.10.1
-
cpe:2.3:a:polarssl:polarssl:0.11.0
-
cpe:2.3:a:polarssl:polarssl:0.11.1
-
cpe:2.3:a:polarssl:polarssl:0.12.0
-
cpe:2.3:a:polarssl:polarssl:0.12.1
-
cpe:2.3:a:polarssl:polarssl:0.13.1
-
cpe:2.3:a:polarssl:polarssl:0.14.0
-
cpe:2.3:a:polarssl:polarssl:0.14.2
-
cpe:2.3:a:polarssl:polarssl:0.14.3
-
cpe:2.3:a:polarssl:polarssl:0.99
-
cpe:2.3:a:polarssl:polarssl:1.0.0