CVE-2024-10604 — Use of Insufficiently Random Values in Google Fuchsia

CWE-330 — Use of Insufficiently Random Values3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 71.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Fuchsia

Timeline

PublishedJan 30

Description

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Packages1 packages

▶NVDgoogle/fuchsiaf17 — f20+1

Patches

Patch: fuchsia.googlesource.com ↗Patch: fuchsia.googlesource.com ↗

🔴Vulnerability Details

CVEList

Identifiable Header Values In Fuchsia Leading To Tracking of The User↗2025-01-30

▶

GHSA

GHSA-mhfq-8c27-vp58: Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP sou↗2025-01-30

▶