cbcvebase.
CVE-2024-8096
published 2024-09-11

CVE-2024-8096: When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it…

medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.

Affected

113 ranges· showing 25
VendorProductVersion rangeFixed in
curlcurl7.41.0 – 7.41.0
curlcurl7.42.0 – 7.42.0
curlcurl7.42.1 – 7.42.1
curlcurl7.43.0 – 7.43.0
curlcurl7.44.0 – 7.44.0
curlcurl7.45.0 – 7.45.0
curlcurl7.46.0 – 7.46.0
curlcurl7.47.0 – 7.47.0
curlcurl7.47.1 – 7.47.1
curlcurl7.48.0 – 7.48.0
curlcurl7.49.0 – 7.49.0
curlcurl7.49.1 – 7.49.1
curlcurl7.50.0 – 7.50.0
curlcurl7.50.1 – 7.50.1
curlcurl7.50.2 – 7.50.2
curlcurl7.50.3 – 7.50.3
curlcurl7.51.0 – 7.51.0
curlcurl7.52.0 – 7.52.0
curlcurl7.52.1 – 7.52.1
curlcurl7.53.0 – 7.53.0
curlcurl7.53.1 – 7.53.1
curlcurl7.54.0 – 7.54.0
curlcurl7.54.1 – 7.54.1
curlcurl7.55.0 – 7.55.0
curlcurl7.55.1 – 7.55.1

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
osv6.5MEDIUM