CVE-2024-10604 MEDIUM

CVE-2024-10604: Identifiable Header Values In Fuchsia Leading To Tracking of The User

Weakness CWE-330 · Insufficient randomness
Published January 30, 2025
Last update February 24, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID, allow for these values to be guessed under circumstances

Key dates

02 Disclosure timeline

January 30, 2025 CVE published
February 24, 2025 Record updated