OpenSSH: OpenSSH sshd Signal-Handler Race (“regreSSHion”) — Unauthenticated Pre-Auth RCE

CVE-2024-6387 · High · Published
CVSS: 8.1 High · Network · No PR
EPSS: 0.57627 (57.6% chance of exploit in 30d)
CWE: CWE-364 Signal Handler Race Condition
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Per the OpenSSH 9.8 release notes: “A critical vulnerability in sshd(8) was present in Portable OpenSSH versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges.” Praetorian’s blog frames it: “the vulnerability is a regression of CVE-2006-5051, hence its nickname: ‘RegreSSHion’.”

Affected Packages / Versions

  • Package: openssh (sshd)
  • Latest published version at triage time: OpenSSH 9.7p1
  • Affected range: Per OpenSSH 9.8 release notes: "Portable OpenSSH versions between 8.5p1 and 9.7p1 (inclusive)"
  • Patched version: OpenSSH 9.8p1, released 2024-07-01 (per openssh.com/txt/release-9.8)

Impact

Per the OpenSSH 9.8 release notes: “Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. … OpenBSD is not vulnerable.”

Severity Rationale

NVD CVSS 8.1 (High): network attack vector, high attack complexity (the race must be won), no privileges required, no user interaction, and high confidentiality, integrity and availability impact. The OpenSSH advisory labels the issue “critical.”

Fix

Per the OpenSSH 9.8 release notes: upgrade to OpenSSH 9.8p1 (released 2024-07-01) or apply the distribution backport. Multiple Red Hat / Debian / Ubuntu / SUSE / NetApp / FreeBSD / NetBSD / Apple advisories list backported fixes.
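As an added triage helper (not code from OpenSSH, Qualys or Praetorian), the script below classifies sshd identification banners against the affected range the release notes give (Portable OpenSSH 8.5p1 through 9.7p1, fixed in 9.8p1). It assumes the usual banner layout "SSH-2.0-OpenSSH_<major>.<minor>[p<n>][ <vendor tag>]": the "p" suffix marks a Portable build, and a bare "OpenSSH_X.Y" with no vendor tag is assumed to be the OpenBSD-native build, which the release notes say is not vulnerable. The important caveat, which the script encodes as a separate status, is that distribution packages keep the upstream version string after a backport, so a banner reading 9.6p1 with a Debian, Ubuntu or FreeBSD tag may already be fixed; those hosts need the vendor advisory or package changelog, not the banner, as the final word. The host names and banners in the sample inventory are constructed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Affected range per the OpenSSH 9.8 release notes: 8.5p1 .. 9.7p1 inclusive.
# Every release in that span is a p1, so comparing (major, minor) is sufficient.
AFFECTED_MIN = (8, 5)   # 8.5p1
AFFECTED_MAX = (9, 7)   # 9.7p1

# Assumed banner layout (hypothetical regex, not from the project):
# "OpenSSH_<major>.<minor>[p<n>]" optionally followed by a vendor tag.
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


class BannerInfo(NamedTuple):
    major: int
    minor: int
    portable: Optional[int]   # the "pN" number; None when the banner has no "p" suffix
    suffix: str               # vendor tag after the version token, "" if none


def parse_banner(banner: str) -> Optional[BannerInfo]:
    """Extract version fields from an SSH identification string; None if not OpenSSH."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    major, minor, p = m.groups()
    suffix = banner[m.end():].strip()
    return BannerInfo(int(major), int(minor), int(p) if p is not None else None, suffix)


def classify(banner: str) -> str:
    """Classify one banner against the CVE-2024-6387 affected range.

    Results:
      not-openssh                - some other SSH implementation
      not-portable               - bare "OpenSSH_X.Y" with no vendor tag: assumed OpenBSD-native,
                                   not vulnerable per the release notes
      patched                    - 9.8 or later
      outside-stated-range       - older than 8.5p1 (outside the range this page lists)
      affected                   - upstream Portable build in range, no vendor tag
      affected-unless-backported - in range but carrying a vendor tag, so the package may
                                   already contain a backported fix; confirm via the vendor advisory
    """
    info = parse_banner(banner)
    if info is None:
        return "not-openssh"
    if info.portable is None and not info.suffix:
        return "not-portable"
    version = (info.major, info.minor)
    if version > AFFECTED_MAX:
        return "patched"
    if version < AFFECTED_MIN:
        return "outside-stated-range"
    return "affected-unless-backported" if info.suffix else "affected"


def triage_inventory(lines: List[str]) -> List[Tuple[str, str]]:
    """Classify "<host> <banner>" inventory lines, skipping blanks and '#' comments."""
    results = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, banner = (line.split(None, 1) + [""])[:2]
        results.append((host, classify(banner)))
    return results


# Constructed sample inventory: hypothetical hosts and banners, not observed data.
SAMPLE_INVENTORY = [
    "# host banner",
    "bastion-1 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.4",
    "build-7 SSH-2.0-OpenSSH_9.7p1",
    "jump-2 SSH-2.0-OpenSSH_9.8p1",
    "legacy-3 SSH-2.0-OpenSSH_8.4p1 Debian-5",
    "obsd-1 SSH-2.0-OpenSSH_9.7",
    "fbsd-5 SSH-2.0-OpenSSH_9.7 FreeBSD-20240701",
    "iot-4 SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:10s} {status}")
```

The banner is what any scanner or `nc host 22` sees without authenticating, so this runs against an existing asset list without touching the hosts beyond the SSH greeting. Treat "affected" and "affected-unless-backported" as the queue to work: the former is a straight upgrade to 9.8p1, the latter a check of the installed package against the distribution advisory.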

Disclosure timeline

  • TBD: Reported to OpenSSH (Qualys TRU)
  • Jul 1, 2024: Patch released (OpenSSH 9.8p1)
  • Jul 1, 2024: Public disclosure

Fix Commit(s)

  • See OpenSSH 9.8p1 release notes (openssh.com/txt/release-9.8)

References

Discovered by: Qualys Threat Research Unit (original disclosure; per OpenSSH release notes: "We thank the Qualys Security Advisory Team for discovering, reporting and demonstrating exploitability"). Praetorian published a Chariot detection capability.

Published April 29, 2026