Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43140.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-43140
Upstream
Published
2024-07-02T18:15:03Z
Modified
2026-04-01T05:15:00.197359Z
Summary
CVE-2024-39894 affecting package openssh for versions less than 9.8p1-1
Details

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

References

Affected packages

Azure Linux:3 / openssh

Package

Name
openssh
Purl
pkg:rpm/azure-linux/openssh

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
9.8p1-1

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43140.json"