CVE-2024-10604

Feb. 24, 2025, 12:15 p.m.

None
No Score

Description

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances

Product(s) Impacted

Product Versions
Fuchsia

Weaknesses

CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References

https://fuchsia.googlesource.com/fuchsia/+/40e7fbcdcd013441daf4492f1ead349a9e5b80dc
https://fuchsia.googlesource.com/fuchsia/+/a3c17a4d6b3140f9175d6cf6ac4eb4e775f8dea8
https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf

Tags

cve-coordination@google.com
CWE-330
2025-01-30
CVE-2024-10604

Date

  • Published: Jan. 30, 2025, 8:15 p.m.
  • Last Modified: Feb. 24, 2025, 12:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve-coordination@google.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.