CVE-2024-8096

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-8096

Severity

6.5

Medium

CVSS V3

Description

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.

References

https://images.chainguard.dev/security/CGA-g55g-qx76-5fjj
https://github.com/advisories/GHSA-gv3v-x3f3-7fxm
https://curl.se/docs/CVE-2024-8096.html
https://curl.se/docs/CVE-2024-8096.json
https://hackerone.com/reports/2669852
http://www.openwall.com/lists/oss-security/2024/09/11/1
https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html
https://security.netapp.com/advisory/ntap-20241011-0005/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2024-8096

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company