CVE-2024-10603

Published: Jan 30, 2025

Modified: Feb 24, 2025

PUBLISHED

Description

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.

Vendor	Product	Versions
Google	gVisor	unaffected `release-20241028.0`

Weaknesses (CWE)

CWE-340

References

https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2

https://github.com/google/gvisor/commit/cbdb2c61b1f753834cedf2ebe68cbc335dadca52

https://github.com/google/gvisor/commit/5d2bf2546805afa09a6f6d9b23ec267823e32205

https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-10603

Description

Affected Products

Weaknesses (CWE)

References