High severity 7.5 · NVD Advisory · Published Jul 2, 2024 · Updated Apr 15, 2026
CVE-2024-39894
Description
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
Affected products
- Range: >=9.5, <9.8
- osv-coords (6 versions):
  - pkg:rpm/opensuse/openssh-askpass-gnome&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/openssh&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/openssh&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
  - pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Micro%206.0
- (no CPE) range: < 9.6p1-150600.6.6.1
- (no CPE) range: < 9.6p1-150600.6.6.1
- (no CPE) range: < 9.6p1-11.1
- (no CPE) range: < 9.6p1-150600.6.6.1
- (no CPE) range: < 9.6p1-150600.6.6.1
- (no CPE) range: < 9.6p1-2.1
References
- seclists.org/fulldisclosure/2024/Sep/33 (nvd)
- www.openwall.com/lists/oss-security/2024/07/03/6 (nvd)
- www.openwall.com/lists/oss-security/2024/07/23/4 (nvd)
- www.openwall.com/lists/oss-security/2024/07/23/6 (nvd)
- www.openwall.com/lists/oss-security/2024/07/28/3 (nvd)
- crzphil.github.io/posts/ssh-obfuscation-bypass/ (nvd)
- lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html (nvd)
- news.ycombinator.com/item (nvd)
- security.netapp.com/advisory/ntap-20240712-0004/ (nvd)
- www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc (nvd)
- www.openssh.com/txt/release-9.8 (nvd)
- www.openwall.com/lists/oss-security/2024/07/02/1 (nvd)