CVE-2024-10604 | THREATINT

Description

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances

PUBLISHED Reserved 2024-10-31 | Published 2025-01-30 | Updated 2025-02-24 | Assigner Google

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-330 Use of Insufficiently Random Values

Product status

Default status

unaffected

Release F19

unaffected

Credits

Amit Klein (Hebrew University of Jerusalem) finder

Inon Kaplan (Independent researcher) finder

Ron Even (Independent researcher) finder

References

fuchsia.googlesource.com/...6b3140f9175d6cf6ac4eb4e775f8dea8

fuchsia.googlesource.com/...cd013441daf4492f1ead349a9e5b80dc

www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf

cve.org (CVE-2024-10604)

nvd.nist.gov (CVE-2024-10604)

Download JSON