CVE-2024-6387: regreSSHion (OpenSSH RCE)

Score: 8.1 HIGH
Published: 2024-07-01
Affected: OpenSSH 8.5p1 through 9.7p1
CWE-362

What is regreSSHion?

regreSSHion is a signal handler race condition in the OpenSSH server (sshd) that allows unauthenticated remote code execution as root. It is a regression of CVE-2006-5051, reintroduced when async-signal-unsafe functions were added to the SIGALRM handler.
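The flaw class described above, as an added example (not OpenSSH source and not code from this report): a SIGALRM handler that calls async-signal-unsafe functions, beside a hardened form that only sets a flag. All function names are hypothetical, and the particular unsafe calls shown (malloc, fprintf, free, exit) are chosen for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names; not OpenSSH source. UNSAFE: async-signal-unsafe calls
 * in the SIGALRM handler. If the signal lands while the main flow is inside
 * malloc()/free() or stdio, the handler re-enters them mid-update. */
void unsafe_timeout_handler(int sig)
{
    (void)sig;
    char *msg = malloc(64);                          /* not async-signal-safe */
    if (msg != NULL)
        snprintf(msg, 64, "timeout before authentication");
    fprintf(stderr, "%s\n", msg ? msg : "timeout");  /* not async-signal-safe */
    free(msg);                                       /* not async-signal-safe */
    exit(1);                                         /* runs atexit handlers */
}

/* HARDENED: the handler only records the event in a sig_atomic_t flag. */
volatile sig_atomic_t timed_out = 0;
void safe_timeout_handler(int sig)
{
    (void)sig;
    timed_out = 1;
}

/* Returns 0 on success. signal() keeps this portable; prefer sigaction(). */
int install_timeout_handler(void (*handler)(int))
{
    return signal(SIGALRM, handler) == SIG_ERR ? -1 : 0;
}

/* Simulated pre-auth loop: the timeout is logged from normal context,
 * where stdio is safe. Returns 1 on timeout, 0 otherwise. */
int wait_for_auth(int max_polls)
{
    for (int i = 0; i < max_polls; i++)
        if (timed_out) {
            fprintf(stderr, "timeout before authentication\n");
            return 1;
        }
    return 0;
}

int main(void)
{
    if (install_timeout_handler(safe_timeout_handler) != 0) return 2;
    raise(SIGALRM);                 /* stands in for the alarm() expiring */
    return wait_for_auth(3) == 1 ? 0 : 1;
}
```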

Impact & Exploitation

Over 14 million potentially vulnerable OpenSSH instances were identified on the internet. This is the first unauthenticated RCE in OpenSSH in 18 years, and it affects default sshd configurations.

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.