CVE-2024-10604

MEDIUM

Fuchsia < f16 - Use of Insufficiently Random Values in Network Protocol Header Fields

Title source: llm

Description

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances

References (3)

Core 3

Core References

Patch

https://fuchsia.googlesource.com/fuchsia/+/40e7fbcdcd013441daf4492f1ead349a9e5b80dc

Patch

https://fuchsia.googlesource.com/fuchsia/+/a3c17a4d6b3140f9175d6cf6ac4eb4e775f8dea8

Exploit, Mitigation, Third Party Advisory

https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf

Scores

CVSS v3 5.3

EPSS 0.0022

EPSS Percentile 12.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-330

Status published

Products (1)

google/fuchsia < f16

Published Jan 30, 2025

Tracked Since Feb 18, 2026