CVE-2024-10604

Exploit

EPSS 0.07%
Published 30.01.2025 20:15:33
Last modified 29.07.2025 18:44:06
Source cve-coordination@google.com
Teams watchlist Login
Open Login

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Fuchsia Version < f16

Google ≫ Fuchsia Version >= f17 < f20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.208

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cve-coordination@google.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf

Third Party Advisory

Exploit

Mitigation

https://fuchsia.googlesource.com/fuchsia/+/40e7fbcdcd013441daf4492f1ead349a9e5b80dc

Patch

https://fuchsia.googlesource.com/fuchsia/+/a3c17a4d6b3140f9175d6cf6ac4eb4e775f8dea8

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-10604

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10604

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10604

EUVD