CVE-2024-10604

Published: Jan 30, 2025

Modified: Feb 24, 2025

PUBLISHED

Description

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances

Vendor	Product	Versions
Google	Fuchsia	unaffected `Release F19`

Weaknesses (CWE)

CWE-330

References

https://fuchsia.googlesource.com/fuchsia/+/a3c17a4d6b3140f9175d6cf6ac4eb4e775f8dea8

https://fuchsia.googlesource.com/fuchsia/+/40e7fbcdcd013441daf4492f1ead349a9e5b80dc

https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-10604

Description

Affected Products

Weaknesses (CWE)

References