VDB

RHSA-2024%3A5432

RHSA-2024%3A5432 PUBLISHED CVSS 5.900000095367432 MEDIUM

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Red Hatopenshift4/metallb-rhel9@sha256:9d2b03ac7babf2bb3ce2302e35eb54473816ff00ba6c152dc8c235bc679a978b_s390x as a component of Red Hat OpenShift Container Platform 4.14openshift4/metallb-rhel9@sha256:9d2b03ac7babf2bb3ce2302e35eb54473816ff00ba6c152dc8c235bc679a978b_s390x, openshift4/metallb-rhel9@sha256:9d2b03ac7babf2bb3ce2302e35eb54473816ff00ba6c152dc8c235bc679a978b_s390x
Red Hatopenshift4/ose-helm-operator@sha256:d551f48f66af80e712cae4dab7a43dd6c940b73f30fc27448224177d7f4004f5_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-helm-operator@sha256:d551f48f66af80e712cae4dab7a43dd6c940b73f30fc27448224177d7f4004f5_amd64
Red Hatopenshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:361f86373d179f38adc2cce6849457d8197adb9da356920dc6b43cffd037ee58_s390x as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-secrets-store-csi-driver-rhel8-operator@sha256:361f86373d179f38adc2cce6849457d8197adb9da356920dc6b43cffd037ee58_s390x
Red Hatopenshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:7a85dbd79ef939cd141f31d453e5461aebaacd3e3a878edbe7d7994c25ca9f62_amd64 as a component of Red Hat OpenShift Container Platform 4.14*
Red Hatopenshift4/ose-cluster-capacity@sha256:c486852425f7e0b5b1355cca57f8b230310dbd34616c4aaaf1c8fa98fab2de44_arm64 as a component of Red Hat OpenShift Container Platform 4.14*, openshift4/ose-cluster-capacity@sha256:c486852425f7e0b5b1355cca57f8b230310dbd34616c4aaaf1c8fa98fab2de44_arm64
Red Hatopenshift4/ose-ptp-operator@sha256:a894a29c1c311f1a0040b15fa7622a2487647ee96689e5df5716095e7c2a9a4a_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-ptp-operator@sha256:a894a29c1c311f1a0040b15fa7622a2487647ee96689e5df5716095e7c2a9a4a_amd64, openshift4/ose-ptp-operator@sha256:a894a29c1c311f1a0040b15fa7622a2487647ee96689e5df5716095e7c2a9a4a_amd64
Red Hatopenshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:306b103b805ff632922e6442fe68325f515e26795d399c44a5c08441c25dddcb_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:306b103b805ff632922e6442fe68325f515e26795d399c44a5c08441c25dddcb_amd64
Red Hatopenshift4/ose-sriov-network-config-daemon@sha256:b704a8d885c490d1150626f5cfeec3553e08668b1080942628e5b278c5c75905_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-sriov-network-config-daemon@sha256:b704a8d885c490d1150626f5cfeec3553e08668b1080942628e5b278c5c75905_arm64, openshift4/ose-sriov-network-config-daemon@sha256:b704a8d885c490d1150626f5cfeec3553e08668b1080942628e5b278c5c75905_arm64
Red Hatopenshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:bfb6d4200d07d37d9758810582e7240b166912a6f95be94a08a6eb7c01470e19_arm64 as a component of Red Hat OpenShift Container Platform 4.14*
Red Hatopenshift4/ose-vertical-pod-autoscaler-rhel8@sha256:e478793cc0dd3216bf74f6cf258a34984b30fb5efea6658c69c4c3d924697308_ppc64le as a component of Red Hat OpenShift Container Platform 4.14*
Red Hatopenshift4/ose-helm-operator@sha256:b93cabf0ce0bc050b14c8e3e4ecce0eda9cf6720a267af7404092d7894215b24_s390x as a component of Red Hat OpenShift Container Platform 4.14*, openshift4/ose-helm-operator@sha256:b93cabf0ce0bc050b14c8e3e4ecce0eda9cf6720a267af7404092d7894215b24_s390x
Red Hatopenshift4/ose-cloud-event-proxy-rhel8@sha256:12fbbfa8a4e582df416cce6db97ad3c0a654b4a9ee1ab7cfe5a51d775dc4ef32_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-cloud-event-proxy-rhel8@sha256:12fbbfa8a4e582df416cce6db97ad3c0a654b4a9ee1ab7cfe5a51d775dc4ef32_amd64
Red Hatopenshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:1358967aff8898553929110037a9f22bf00cd6215ad9e1812291f7c415c2ded6_s390x as a component of Red Hat OpenShift Container Platform 4.14*, openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:1358967aff8898553929110037a9f22bf00cd6215ad9e1812291f7c415c2ded6_s390x
Red Hatopenshift4/ose-local-storage-operator@sha256:3cd7359249f3aeda5363c4fe5783da7a1ffc663dfb546daf12f03ee4d3b11990_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-local-storage-operator@sha256:3cd7359249f3aeda5363c4fe5783da7a1ffc663dfb546daf12f03ee4d3b11990_arm64
Red Hatopenshift4/ose-cluster-nfd-operator@sha256:fe542198587d4be5ca08fa2a60036f656623fb2b0756a2c136f850303e578079_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-cluster-nfd-operator@sha256:fe542198587d4be5ca08fa2a60036f656623fb2b0756a2c136f850303e578079_ppc64le
Red Hatopenshift4/ose-ansible-operator@sha256:d83c2f0475c491c0b9ac02144842fd69235783ee9169f7c364b12037eca407d2_arm64 as a component of Red Hat OpenShift Container Platform 4.14*, *
Red Hatopenshift4/ose-sriov-network-device-plugin@sha256:50c67696a6a3efb274c1bc0f1046617b4f38c576897847794b02da0b1e5a659e_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-sriov-network-device-plugin@sha256:50c67696a6a3efb274c1bc0f1046617b4f38c576897847794b02da0b1e5a659e_ppc64le, openshift4/ose-sriov-network-device-plugin@sha256:50c67696a6a3efb274c1bc0f1046617b4f38c576897847794b02da0b1e5a659e_ppc64le
Red Hatopenshift4/ose-ptp-rhel9@sha256:1ff1f64a468371b6e0701a6b69c4ad3b1ae2965e1302f961eb255ab0bee0273d_arm64 as a component of Red Hat OpenShift Container Platform 4.14*, openshift4/ose-ptp-rhel9@sha256:1ff1f64a468371b6e0701a6b69c4ad3b1ae2965e1302f961eb255ab0bee0273d_arm64
Red Hatopenshift4/cloud-event-proxy-rhel8@sha256:34a1cc76e8fa73cdf86903767830af45d8f22d139bd31d78606fcf7d1ccb8834_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/cloud-event-proxy-rhel8@sha256:34a1cc76e8fa73cdf86903767830af45d8f22d139bd31d78606fcf7d1ccb8834_arm64
Red Hatopenshift4/ose-ptp-rhel9@sha256:31846afb18c19ad967aaa24fbfe68c63239b6228e8ba844264cb18e881bc015f_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-ptp-rhel9@sha256:31846afb18c19ad967aaa24fbfe68c63239b6228e8ba844264cb18e881bc015f_amd64

…and 296 more

Timeline

  • Aug 21, 2024 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 11, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›