CVE-2024-39920 - OpenCVE

The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server), when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the "SnailLoad" issue. For example, the attack can begin by measuring RTTs via the TCP segments whose role is to provide an ACK control bit and an Acknowledgment Number.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/IAIK/SnailLoad
https://news.ycombinator.com/item?id=40809629
https://nvd.nist.gov/vuln/detail/CVE-2024-39920
https://twitter.com/tugraz/status/1805272833322299412
https://www.cve.org/CVERecord?id=CVE-2024-39920
https://www.instagram.com/p/C8wpO1UtExw/
https://www.rfc-editor.org/rfc/rfc9293.txt
https://www.snailload.com
https://www.snailload.com/snailload.pdf
https://www.tugraz.at/en/tu-graz/services/news-stories/tu-graz-news/singleview/article/neue-sicherheitsluecke-erlaubt-ueberwachung-besuchter-websites-und-angesehener-videos

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-03T00:00:00

Updated: 2024-08-05T18:37:40.784Z

Reserved: 2024-07-03T00:00:00

Link: CVE-2024-39920

Vulnrichment

Updated: 2024-08-02T04:33:10.876Z

NVD

Status : Awaiting Analysis

Published: 2024-07-03T04:15:04.267

Modified: 2024-08-05T19:35:13.550

Link: CVE-2024-39920

Redhat

Severity : Moderate

Publid Date: 2024-07-03T06:11:00Z

Links: CVE-2024-39920 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-39920", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-05T18:37:40.784Z", "dateReserved": "2024-07-03T00:00:00", "datePublished": "2024-07-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-03T04:08:03.460268"}, "descriptions": [{"lang": "en", "value": "The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server), when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the \"SnailLoad\" issue. For example, the attack can begin by measuring RTTs via the TCP segments whose role is to provide an ACK control bit and an Acknowledgment Number."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.snailload.com"}, {"url": "https://www.snailload.com/snailload.pdf"}, {"url": "https://github.com/IAIK/SnailLoad"}, {"url": "https://www.rfc-editor.org/rfc/rfc9293.txt"}, {"url": "https://www.tugraz.at/en/tu-graz/services/news-stories/tu-graz-news/singleview/article/neue-sicherheitsluecke-erlaubt-ueberwachung-besuchter-websites-und-angesehener-videos"}, {"url": "https://twitter.com/tugraz/status/1805272833322299412"}, {"url": "https://news.ycombinator.com/item?id=40809629"}, {"url": "https://www.instagram.com/p/C8wpO1UtExw/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:33:10.876Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.snailload.com", "tags": ["x_transferred"]}, {"url": "https://www.snailload.com/snailload.pdf", "tags": ["x_transferred"]}, {"url": "https://github.com/IAIK/SnailLoad", "tags": ["x_transferred"]}, {"url": "https://www.rfc-editor.org/rfc/rfc9293.txt", "tags": ["x_transferred"]}, {"url": "https://www.tugraz.at/en/tu-graz/services/news-stories/tu-graz-news/singleview/article/neue-sicherheitsluecke-erlaubt-ueberwachung-besuchter-websites-und-angesehener-videos", "tags": ["x_transferred"]}, {"url": "https://twitter.com/tugraz/status/1805272833322299412", "tags": ["x_transferred"]}, {"url": "https://news.ycombinator.com/item?id=40809629", "tags": ["x_transferred"]}, {"url": "https://www.instagram.com/p/C8wpO1UtExw/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1255", "lang": "en", "description": "CWE-1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks"}]}], "affected": [{"vendor": "ietf", "product": "tcp", "cpes": ["cpe:2.3:a:ietf:tcp:9293:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "9293", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-05T18:27:41.004792Z", "id": "CVE-2024-39920", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T18:37:40.784Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.snailload.com", "tags": ["x_transferred"]}, {"url": "https://www.snailload.com/snailload.pdf", "tags": ["x_transferred"]}, {"url": "https://github.com/IAIK/SnailLoad", "tags": ["x_transferred"]}, {"url": "https://www.rfc-editor.org/rfc/rfc9293.txt", "tags": ["x_transferred"]}, {"url": "https://www.tugraz.at/en/tu-graz/services/news-stories/tu-graz-news/singleview/article/neue-sicherheitsluecke-erlaubt-ueberwachung-besuchter-websites-und-angesehener-videos", "tags": ["x_transferred"]}, {"url": "https://twitter.com/tugraz/status/1805272833322299412", "tags": ["x_transferred"]}, {"url": "https://news.ycombinator.com/item?id=40809629", "tags": ["x_transferred"]}, {"url": "https://www.instagram.com/p/C8wpO1UtExw/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:33:10.876Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-39920", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-05T18:27:41.004792Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ietf:tcp:9293:*:*:*:*:*:*:*"], "vendor": "ietf", "product": "tcp", "versions": [{"status": "affected", "version": "9293"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1255", "description": "CWE-1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T18:26:40.716Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.snailload.com"}, {"url": "https://www.snailload.com/snailload.pdf"}, {"url": "https://github.com/IAIK/SnailLoad"}, {"url": "https://www.rfc-editor.org/rfc/rfc9293.txt"}, {"url": "https://www.tugraz.at/en/tu-graz/services/news-stories/tu-graz-news/singleview/article/neue-sicherheitsluecke-erlaubt-ueberwachung-besuchter-websites-und-angesehener-videos"}, {"url": "https://twitter.com/tugraz/status/1805272833322299412"}, {"url": "https://news.ycombinator.com/item?id=40809629"}, {"url": "https://www.instagram.com/p/C8wpO1UtExw/"}], "descriptions": [{"lang": "en", "value": "The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server), when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the \"SnailLoad\" issue. For example, the attack can begin by measuring RTTs via the TCP segments whose role is to provide an ACK control bit and an Acknowledgment Number."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-03T04:08:03.460268"}}}, "cveMetadata": {"cveId": "CVE-2024-39920", "state": "PUBLISHED", "dateUpdated": "2024-08-05T18:37:40.784Z", "dateReserved": "2024-07-03T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-07-03T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server), when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the \"SnailLoad\" issue. For example, the attack can begin by measuring RTTs via the TCP segments whose role is to provide an ACK control bit and an Acknowledgment Number."}, {"lang": "es", "value": "El protocolo TCP en RFC 9293 tiene un canal lateral de temporizaci\u00f3n que facilita a atacantes remotos inferir el contenido de una conexi\u00f3n TCP desde un sistema cliente (a cualquier servidor), cuando ese sistema cliente est\u00e1 obteniendo simult\u00e1neamente datos TCP a una velocidad lenta desde un servidor controlado por un atacante, tambi\u00e9n conocido como el problema \"SnailLoad\". Por ejemplo, el ataque puede comenzar midiendo los RTT a trav\u00e9s de los segmentos TCP cuya funci\u00f3n es proporcionar un bit de control ACK y un n\u00famero de reconocimiento."}], "id": "CVE-2024-39920", "lastModified": "2024-08-05T19:35:13.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-03T04:15:04.267", "references": [{"source": "cve@mitre.org", "url": "https://github.com/IAIK/SnailLoad"}, {"source": "cve@mitre.org", "url": "https://news.ycombinator.com/item?id=40809629"}, {"source": "cve@mitre.org", "url": "https://twitter.com/tugraz/status/1805272833322299412"}, {"source": "cve@mitre.org", "url": "https://www.instagram.com/p/C8wpO1UtExw/"}, {"source": "cve@mitre.org", "url": "https://www.rfc-editor.org/rfc/rfc9293.txt"}, {"source": "cve@mitre.org", "url": "https://www.snailload.com"}, {"source": "cve@mitre.org", "url": "https://www.snailload.com/snailload.pdf"}, {"source": "cve@mitre.org", "url": "https://www.tugraz.at/en/tu-graz/services/news-stories/tu-graz-news/singleview/article/neue-sicherheitsluecke-erlaubt-ueberwachung-besuchter-websites-und-angesehener-videos"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1255"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: TCP: SnailLoad timing side channel in TCP", "id": "2295326", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295326"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-385", "details": ["The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server), when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the \"SnailLoad\" issue. For example, the attack can begin by measuring RTTs via the TCP segments whose role is to provide an ACK control bit and an Acknowledgment Number.", "A flaw was found in the TCP protocol in RFC 9293. The TCP protocol has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server) when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the \"SnailLoad\" issue."], "name": "CVE-2024-39920", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-03T06:11:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-39920\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-39920\nhttps://github.com/IAIK/SnailLoad\nhttps://news.ycombinator.com/item?id=40809629\nhttps://twitter.com/tugraz/status/1805272833322299412\nhttps://www.instagram.com/p/C8wpO1UtExw/\nhttps://www.rfc-editor.org/rfc/rfc9293.txt\nhttps://www.snailload.com\nhttps://www.snailload.com/snailload.pdf\nhttps://www.tugraz.at/en/tu-graz/services/news-stories/tu-graz-news/singleview/article/neue-sicherheitsluecke-erlaubt-ueberwachung-besuchter-websites-und-angesehener-videos"], "threat_severity": "Moderate"}