We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-10604

Identifiable Header Values In Fuchsia Leading To Tracking of The User



Description

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances

Reserved 2024-10-31 | Published 2025-01-30 | Updated 2025-02-06 | Assigner Google


MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-330 Use of Insufficiently Random Values

Product status

Default status
unaffected

Release F19
unaffected

Credits

Amit Klein (Hebrew University of Jerusalem) finder

Inon Kaplan (Independent researcher) finder

Ron Even (Independent researcher) finder

References

fuchsia.googlesource.com/...6b3140f9175d6cf6ac4eb4e775f8dea8

fuchsia.googlesource.com/...cd013441daf4492f1ead349a9e5b80dc

cve.org (CVE-2024-10604)

nvd.nist.gov (CVE-2024-10604)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-10604

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.