← Voltar para CVEs
CVE-2011-4574
CRITICAL9.8
Descricao
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado10/27/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
polarssl:polarssl
Fraquezas (CWE)
CWE-338
Referencias
https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02(secalert@redhat.com)
https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.