CVE-2024-10603

Опубликовано: 30 янв. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.

Ссылки

https://github.com/google/gvisor/commit/5d2bf2546805afa09a6f6d9b23ec267823e32205
Patch
https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2
Patch
https://github.com/google/gvisor/commit/cbdb2c61b1f753834cedf2ebe68cbc335dadca52
Patch
https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf
Exploit
Mitigation
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:gvisor:*:*:*:*:*:*:*:*

Версия до 20231030.0 (исключая)

cpe:2.3:a:google:gvisor:20231106.0:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.0009

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-340

Связанные уязвимости

CVE-2024-10603

CVSS3: 5.3

ubuntu

около 1 года назад

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.

GHSA-98hx-vmw6-46w7

CVSS3: 5.3

github

около 1 года назад

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.

EPSS

Процентиль: 26%

0.0009

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-340