CVE-2024-0853

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-0853

Severity

5.3

Medium

CVSS V3

Description

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.

References

https://images.chainguard.dev/security/CGA-w4px-x37v-694c
https://github.com/advisories/GHSA-697h-9h25-w4fm
https://curl.se/docs/CVE-2024-0853.html
https://curl.se/docs/CVE-2024-0853.json
https://security.netapp.com/advisory/ntap-20240307-0004/
https://security.netapp.com/advisory/ntap-20240426-0009/
https://security.netapp.com/advisory/ntap-20240503-0012/
https://hackerone.com/reports/2298922

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2024-0853

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company