{"id":"AZL-43140","summary":"CVE-2024-39894 affecting package openssh for versions less than 9.8p1-1","details":"OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.","modified":"2026-04-01T05:15:00.197359Z","published":"2024-07-02T18:15:03Z","upstream":["CVE-2024-39894"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39894"}],"affected":[{"package":{"name":"openssh","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/openssh"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.8p1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43140.json"}}],"schema_version":"1.7.5"}