Fuchsia TCP/UDP Header ID Guessing CVE-2024-10604
CVE-2024-10604 Published on January 30, 2025
Identifiable Header Values In Fuchsia Leading To Tracking of The User
Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances
Weakness Type
Use of Insufficiently Random Values
The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.
Products Associated with CVE-2024-10604
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-10604 are published in Google Fuchsia:
Affected Versions
Google Fuchsia Version Release F19 is unaffected by CVE-2024-10604Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.