CVE-2024-39894

🗓️ 02 Jul 2024 18:15:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 32 Views

OpenSSH 9.5-9.7 allows timing attacks for password entry and keystroke entry due to ObscureKeystrokeTiming logic erro

Reporter	Title	Published	Views	Family All 44
FreeBSD	FreeBSD -- OpenSSH Keystroke Obfuscation Bypass	29 Jan 202500:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM i is affected by a timing attack, handling signals in an unsafe manner, and uncontrolled memory consumption due to vulnerabilities in OpenSSH [CVE-2024-39894, CVE-2024-6387, CVE-2025-26466].	7 Aug 202515:48	–	ibm
AlpineLinux	CVE-2024-39894	2 Jul 202418:15	–	alpinelinux
Apple	About the security content of macOS Sequoia 15	16 Sep 202400:00	–	apple
AstraLinux	Astra Linux – Vulnerability in OpenSSH	23 Nov 202403:04	–	astralinux
Tenable Nessus	Azure Linux 3.0 Security Update: openssh (CVE-2024-39894)	22 Jan 202600:00	–	nessus
Tenable Nessus	FreeBSD : FreeBSD -- OpenSSH Keystroke Obfuscation Bypass (69e19c0b-debc-11ef-87ba-002590c1f29c)	30 Jan 202500:00	–	nessus
Tenable Nessus	Juniper Junos OS Multiple Vulnerabilities (JSA92873)	28 Apr 202600:00	–	nessus
Tenable Nessus	macOS 15.x < 15.0 Multiple Vulnerabilities (121238)	7 Jan 202500:00	–	nessus
Tenable Nessus	OpenSSH < 9.8 RCE	1 Jul 202400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	24.04	any	openssh	1:9.6p1-3ubuntu13.4	openssh_1:9.6p1-3ubuntu13.4_any.deb

Source	Link
cve	www.cve.org/CVERecord
lists	www.lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html
openwall	www.openwall.com/lists/oss-security/2024/07/02/1
openssh	www.openssh.com/txt/release-9.8
ubuntu	www.ubuntu.com/security/notices/USN-6887-1

26 Aug 2025 00:28Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.17.5

EPSS0.01479

SSVC

openssh timing attacks password entry keystroke entry obscurekeystroketiming error security support