CVE-2024-39920

A flaw was found in the TCP protocol in RFC 9293. The TCP protocol has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system to any server when that client system is concurrently obtaining TCP data at a slow rate from an...

CVE-2024-39920

The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system to any server, when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the...

CVE-2024-39920

The CVE-2024-39920 entry describes a timing side channel in TCP (RFC 9293), dubbed the SnailLoad issue, where an attacker can infer the content of a client’s TCP connection when the client concurrently receives data from an attacker-controlled server. The attack is illustrated by measuring RTTs o...

CVE-2024-39920

The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system to any server, when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the...

[Security Nation] Chris Levendis and Lisa Olson on Cloud CVEs

!\Security Nation\ Chris Levendis and Lisa Olson on Cloud CVEshttps://blog.rapid7.com/content/images/2022/09/securitynationlogo.jpg In this episode of Security Nation, Jen and Tod chat with Chris Levendis of MITRE and Lisa Olson of Microsoft about assigning CVE IDs for vulnerabilities affecting...