CVE-2024-10603

Medium CVSS: 6.3

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.

Vendor

Google

Product

Gvisor

CWE

CWE-340

Yayın Tarihi

2025-01-30 20:15:32

Güncelleme

2025-07-29 18:33:17

Source Identifier

cve-coordination@google.com

KEV Date Added

Kategoriler

CWE-340 Gvisor MEDIUM Google 2025

Referanslar

https://github.com/google/gvisor/commit/5d2bf2546805afa09a6f6d9b23ec267823e32205 https://github.com/google/gvisor/commit/83f75082e5b03fafca9201d9d9939028f712b0b2 https://github.com/google/gvisor/commit/cbdb2c61b1f753834cedf2ebe68cbc335dadca52 https://www.ndss-symposium.org/wp-content/uploads/2025-122-paper.pdf

Benzer Kayıtlar

High

CVE-2026-5292

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of…

Medium

CVE-2026-5291

Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain poten…

Critical

CVE-2026-5290

Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the…

Critical

CVE-2026-5289

Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the…

Critical

CVE-2026-5288

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromi…

High

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code insid…