CVE-2024-10603
5.3MEDIUMWeaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.
Publicado: 1/30/2025Actualizado: 7/29/2025
Descripción
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.
Análisis IAImpulsado por IA
Productos Afectados
googlegvisor
googlegvisor
20231106.0
Referencias
- https://github.com/google/gvisor/commit/5d2bf2546805afa09a6f6d9b23ec267823e32205Patch
- https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2Patch
- https://github.com/google/gvisor/commit/cbdb2c61b1f753834cedf2ebe68cbc335dadca52Patch
- https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdfExploitMitigationTechnical DescriptionThird Party Advisory