Back to KEVs

CVE-2024-6387

Openssh: regresshion - race condition in ssh allows rce/dos

Basic Information

CVE State
PUBLISHED
Reserved Date
June 27, 2024
Published Date
July 01, 2024
Last Updated
May 21, 2025
Vendor
, Red Hat
Product
, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat OpenShift Container Platform 4.13, Red Hat OpenShift Container Platform 4.14, Red Hat OpenShift Container Platform 4.15, Red Hat OpenShift Container Platform 4.16, Red Hat Ceph Storage 5, Red Hat Ceph Storage 6, Red Hat Ceph Storage 7, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8
Description
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

CVSS Scores

CVSS v3.1

8.1 - HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Score
50.81% (Percentile: 97.70%) as of 2025-06-12

SSVC Information

Exploitation
poc
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-06-12 16:33:23 UTC) Source

References

https://access.redhat.com/errata/RHSA-2024:4312 https://access.redhat.com/errata/RHSA-2024:4340 https://access.redhat.com/errata/RHSA-2024:4389 https://access.redhat.com/errata/RHSA-2024:4469 https://access.redhat.com/errata/RHSA-2024:4474 https://access.redhat.com/errata/RHSA-2024:4479 https://access.redhat.com/errata/RHSA-2024:4484 https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

Recent Mentions

Siemens SIMATIC S7-1500 CPU Family

Source: All CISA Advisories • Published: 2025-06-12 12:00:00 UTC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU family Vulnerabilities: Missing Encryption of Sensitive Data, Out-of-bounds Read, Use After Free, Stack-based Buffer Overflow, Incorrect Provision of Specified Functionality, Out-of-bounds Write, Incorrect Calculation of Buffer Size, Heap-based Buffer Overflow, External Control of File Name or Path, Uncontrolled Resource Consumption, Improper Input Validation, Truncation of Security-relevant Information, Missing Critical Step in Authentication, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Access of Resource Using Incompatible Type ('Type Confusion'), Signal Handler Race Condition, Inefficient Algorithmic Complexity, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), NULL Pointer Dereference, Reachable Assertion, Return of Pointer Value Outside of Expected Range, Improper Handling of Length Parameter Inconsistency, Integer Overflow or Wraparound, Improper Locking, Improper Validation of Array Index, Buffer Underwrite ('Buffer Underflow'), Use of Uninitialized Resource, Detection of Error Condition Without Action, Premature Release of Resource During Expected Lifetime 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to affect the confidentiality, integrity, or availability of affected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0): V3.1.5 and...

Scanner Integrations

Scanner URL Date Detected
Nessus https://www.tenable.com/plugins/nessus/206464 2024-09-03 15:23:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

AzrDll/CVE-2024-6387

Type: github • Created: 2025-01-20 09:38:40 UTC • Stars: 2

This is an altered PoC for d0rb/CVE-2024-6387. This takes glibc addresses and trys to exploit the CVE through them.

YassDEV221608/CVE-2024-6387_PoC

Type: github • Created: 2025-01-04 00:25:33 UTC • Stars: 12

anhvutuan/CVE-2024-6387-poc-1

Type: github • Created: 2024-10-22 04:50:10 UTC • Stars: 2

CVE-2024-6387, also known as RegreSSHion, is a high-severity vulnerability found in OpenSSH servers (sshd) running on glibc-based Linux systems. It is a regression of a previously fixed vulnerability (CVE-2006-5051), which means the issue was reintroduced in newer versions of OpenSSH.

identity-threat-labs/CVE-2024-6387-Vulnerability-Checker

Type: github • Created: 2024-08-28 13:28:08 UTC • Stars: 2

This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.

l-urk/CVE-2024-6387

Type: github • Created: 2024-07-30 06:13:11 UTC • Stars: 10

Proof of concept python script for regreSSHion exploit.

prelearn-code/CVE-2024-6387

Type: github • Created: 2024-07-25 02:32:19 UTC • Stars: 2

ThatNotEasy/CVE-2024-6387

Type: github • Created: 2024-07-15 16:04:57 UTC • Stars: 2

OpenSSH RCE Massive Vulnerable Scanner

filipi86/CVE-2024-6387-Vulnerability-Checker

Type: github • Created: 2024-07-09 17:40:19 UTC • Stars: 96

This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.

Karmakstylez/CVE-2024-6387

Type: github • Created: 2024-07-08 11:27:49 UTC • Stars: 99

Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)

azurejoga/CVE-2024-6387-how-to-fix

Type: github • Created: 2024-07-05 21:29:11 UTC • Stars: 5

Vulnerability remediation and mitigationCVE-2024-6387

lala-amber/CVE-2024-6387

Type: github • Created: 2024-07-04 13:28:53 UTC • Stars: 3

Symbolexe/CVE-2024-6387

Type: github • Created: 2024-07-03 08:22:57 UTC • Stars: 2

SSH Exploit for CVE-2024-6387 : RCE in OpenSSH's server, on glibc-based Linux systems

sxlmnwb/CVE-2024-6387

Type: github • Created: 2024-07-03 06:08:32 UTC • Stars: 13

Targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems.

l0n3m4n/CVE-2024-6387

Type: github • Created: 2024-07-02 18:32:46 UTC • Stars: 90

PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit)

th3gokul/CVE-2024-6387

Type: github • Created: 2024-07-02 17:04:52 UTC • Stars: 5

CVE-2024-6387 : Vulnerability Detection tool for regreSSHion Remote Unauthenticated Code Execution in OpenSSH Server

MrR0b0t19/CVE-2024-6387-Exploit-POC

Type: github • Created: 2024-07-02 16:34:12 UTC • Stars: 3

AiGptCode/ssh_exploiter_CVE-2024-6387

Type: github • Created: 2024-07-02 12:57:35 UTC • Stars: 10

CVE-2024-6387 with auto ip scanner and auto expliot

ACHUX21/checker-CVE-2024-6387

Type: github • Created: 2024-07-02 12:48:27 UTC • Stars: 2

devarshishimpi/CVE-2024-6387-Check

Type: github • Created: 2024-07-02 11:55:39 UTC • Stars: 13

CVE-2024-6387 Checker is a fast, efficient tool for detecting OpenSSH servers vulnerable to the regreSSHion exploit. It quickly scans multiple IPs, domain names, and CIDR ranges to identify risks and help secure your infrastructure.

PrincipalAnthony/CVE-2024-6387-Updated-x64bit

Type: github • Created: 2024-07-02 09:45:04 UTC • Stars: 3

Private x64 RCE exploit for CVE-2024-6387 [02.07.2024] from exploit.in

paradessia/CVE-2024-6387-nmap

Type: github • Created: 2024-07-02 08:19:55 UTC • Stars: 3

CVE-2024-6387-nmap

d0rb/CVE-2024-6387

Type: github • Created: 2024-07-02 06:53:35 UTC • Stars: 41

This Python script exploits a remote code execution vulnerability (CVE-2024-6387) in OpenSSH.

thegenetic/CVE-2024-6387-exploit

Type: github • Created: 2024-07-02 04:09:44 UTC • Stars: 14

CVE-2024-6387 exploit

ahlfors/CVE-2024-6387

Type: github • Created: 2024-07-02 03:42:35 UTC • Stars: 2

TAM-K592/CVE-2024-6387

Type: github • Created: 2024-07-02 02:51:37 UTC • Stars: 10

Recently, the OpenSSH maintainers released security updates to fix a critical vulnerability that could lead to unauthenticated remote code execution (RCE) with root privileges. This vulnerability, identified as CVE-2024-6387, resides in the OpenSSH server component (sshd), which is designed to listen for connections from client applications.

muyuanlove/CVE-2024-6387fixshell

Type: github • Created: 2024-07-02 02:35:24 UTC • Stars: 2

AiK1d/CVE-2024-6387

Type: github • Created: 2024-07-02 01:08:05 UTC • Stars: 6

SSH RCE PoC CVE-2024-6387

bigb0x/CVE-2024-6387

Type: github • Created: 2024-07-01 20:45:53 UTC • Stars: 31

Bulk Scanning Tool for OpenSSH CVE-2024-6387, CVE-2006-5051 , CVE-2008-4109 and others.

xaitax/CVE-2024-6387_Check

Type: github • Created: 2024-07-01 20:33:20 UTC • Stars: 482

CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH

getdrive/CVE-2024-6387-PoC

Type: github • Created: 2024-07-01 12:51:18 UTC • Stars: 23

PoC RCE in OpenSSH

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nessus