CVE-2024-6387

Source
https://cve.org/CVERecord?id=CVE-2024-6387
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6387.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-6387
Downstream
Related
Published
2024-07-01T12:37:25.431Z
Modified
2026-07-06T12:00:20.973571663Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Openssh: regresshion - race condition in ssh allows rce/dos
Details

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Database specific
{
    "cna_assigner": "redhat",
    "cwe_ids": [
        "CWE-364"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/6xxx/CVE-2024-6387.json"
}
References

Affected packages

Git / github.com/openela-main/openssh

Affected ranges

Type
GIT
Repo
https://github.com/openela-main/openssh
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}
Type
GIT
Repo
https://github.com/openssh/openssh-portable
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.4"
        },
        {
            "last_affected": "4.4-NA"
        },
        {
            "last_affected": "8.5-p1"
        },
        {
            "last_affected": "8.6-NA"
        },
        {
            "introduced": "8.6"
        },
        {
            "last_affected": "9.8"
        }
    ],
    "cpe": [
        "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*",
        "cpe:2.3:a:openbsd:openssh:8.5:p1:*:*:*:*:*:*",
        "cpe:2.3:a:openbsd:openssh:8.6:-:*:*:*:*:*:*"
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}
Type
GIT
Repo
https://github.com/powershell/win32-openssh
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "10"
        }
    ],
    "cpe": "cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*",
    "source": "CPE_STRING"
}
Type
GIT
Repo
https://github.com/rapier1/hpn-ssh
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "8.5p1"
        },
        {
            "last_affected": "9.7p1"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

Other
10_13_2015
ABOUT_TO_ADD_INET_ATON
AFTER_FREEBSD_PAM_MERGE
AFTER_KRB5_GSSAPI_MERGE
BEFORE_FREEBSD_PAM_MERGE
BEFORE_KRB5_GSSAPI_MERGE
POST_KRB4_REMOVAL
PRE-REORDER
PRE_CYGWIN_MERGE
PRE_DAN_PATCH_MERGE
PRE_FIXPATHS_INTEGRATION
PRE_HPUX_INTEGRATION
PRE_IPV6
PRE_KRB4_REMOVAL
PRE_NEW_LOGIN_CODE
PRE_SW_KRBV
V_1_2PRE17
V_1_2_1_PRE18
V_1_2_1_PRE19
V_1_2_1_PRE20
V_1_2_1_PRE21
V_1_2_1_PRE22
V_1_2_1_PRE23
V_1_2_1_PRE24
V_1_2_1_PRE25
V_1_2_1_PRE26
V_1_2_1_PRE27
V_1_2_2
V_1_2_2_P1
V_1_2_2_PRE28
V_1_2_2_PRE29
V_1_2_3
V_1_2_3_PRE1
V_1_2_3_PRE2
V_1_2_3_PRE3
V_1_2_3_PRE4
V_1_2_3_PRE5
V_1_2_3_TEST1
V_1_2_3_TEST2
V_1_2_3_TEST3
V_1_2_PRE10
V_1_2_PRE11
V_1_2_PRE12
V_1_2_PRE13
V_1_2_PRE14
V_1_2_PRE15
V_1_2_PRE16
V_1_2_PRE4
V_1_2_PRE5
V_1_2_PRE6
V_1_2_PRE7
V_1_2_PRE8
V_1_2_PRE9
V_2_0_0_BETA1
V_2_0_0_BETA2
V_2_0_0_TEST1
V_2_1_0
V_2_1_0_P1
V_2_1_0_P2
V_2_1_0_P3
V_2_1_1_P1
V_2_1_1_P2
V_2_1_1_P3
V_2_1_1_P4
V_2_2_0_P1
V_2_3_0_P1
V_2_5_0_P1
V_2_5_1_P1
V_2_5_1_P2
V_2_5_2_P1
V_3_0_1_P1
V_3_0_P1
V_3_1_P1
V_3_2_2_P1
V_3_4_P1
V_3_6_1_P1
V_3_8_P1
V_3_9_P1
V_4_2_P1
imports/el9/openssh-8.*
imports/el9/openssh-8.7p1-30.el9_2
imports/el9/openssh-8.7p1-34.el9
imports/el9/openssh-8.7p1-34.el9_3.3
imports/el9/openssh-8.7p1-38.el9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6387.json"