CVE-2024-10603 MEDIUM

CVE-2024-10603

Weakness CWE-340
Published January 30, 2025
Last update February 24, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.

Key dates

02Disclosure timeline

January 30, 2025 CVE published
February 24, 2025 Record updated