CVE-2024-10603

Feb. 24, 2025, 12:15 p.m.

None
No Score

Description

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.

Product(s) Impacted

Product Versions
gVisor
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-340
Generation of Predictable Numbers or Identifiers
The product uses a scheme that generates numbers or identifiers that are more predictable than required.

References

https://github.com/google/gvisor/commit/5d2bf2546805afa09a6f6d9b23ec267823e32205
https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2
https://github.com/google/gvisor/commit/cbdb2c61b1f753834cedf2ebe68cbc335dadca52
https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf

Tags

cve-coordination@google.com
CWE-340
2025-01-30
CVE-2024-10603

Timeline

Published: Jan. 30, 2025, 8:15 p.m.
Last Modified: Feb. 24, 2025, 12:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve-coordination@google.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.