CVE-2024-10604

Summary

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances

Affected Software

VendorProductVersion RangeStatus
GoogleFuchsiaRelease F19unaffected

Weaknesses

  • CWE-330: CWE-330 Use of Insufficiently Random Values

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References