CVE-2024-8096

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.

Open

LOW (3.5)

System detected CVE-2024-8096 with a risk of 3.45
main
System created a ticket for CVE-2024-8096
main
Everything after this entry will be synced with the external system. The ticket can be found at https://github.com/l3montree-dev/devguard-action/issues/112
S
Sebastian Kawelke updated the risk assessment from 3.45 to 3
attesting
Confidentiality Requirement updated: high -> low, Availability Requirement updated: low -> high
S
Sebastian Kawelke updated the risk assessment from 3.45 to 3
0.12.0
Confidentiality Requirement updated: high -> low, Availability Requirement updated: low -> high
S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
attesting
Confidentiality Requirement updated: low -> high
S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
0.12.0
Confidentiality Requirement updated: low -> high
System fixed CVE-2024-8096
0.12.0
System fixed CVE-2024-8096
attesting
System detected CVE-2024-8096 with a risk of 3.46
0.12.0

Add a comment

Last calculated at:

Affected component

debian/curl

Installed version:

7.88.1-10

Fixed in:

no patch available

Show in dependency graph

🛡️ DevGuard
Group
/🧩 DevGuard Action
Repository

CVE-2024-8096

Add a comment

Affected component

Management decisions across the organization