6.3

CVE-2024-10603

Exploit
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleGvisor Version < 20231030.0
GoogleGvisor Version20231106.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.325
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cve-coordination@google.com 6.3 0 0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-340 Generation of Predictable Numbers or Identifiers

The product uses a scheme that generates numbers or identifiers that are more predictable than required.

https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf
Third Party Advisory
Exploit
Mitigation
Technical Description