CVE-2024-8096

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.

Open

LOW (3.5)

T
Tim Bastin detected CVE-2024-8096 with a risk of 3
main
T
Tim Bastin fixed CVE-2024-8096
main
T
Tim Bastin detected CVE-2024-8096 with a risk of 3
main
T
Tim Bastin detected CVE-2024-8096 with a risk of 3
0.9.0
System updated the risk assessment from 3 to 1.5
0.9.0
System recalculated raw risk assessment
System updated the risk assessment from 1.5 to 3
0.9.0
System recalculated raw risk assessment
System fixed CVE-2024-8096
main
System
0.9.0
System detected CVE-2024-8096 with a risk of 3
main
System
0.9.0
System fixed CVE-2024-8096
main
System detected CVE-2024-8096 with a risk of 3
main
System
0.9.0
T
Tim Bastin detected CVE-2024-8096 with a risk of 3
0.11.1
System
chore/adds-additional-env-flags
System updated the risk assessment from 1.5 to 3
chore/adds-additional-env-flags
System recalculated raw risk assessment
T
Tim Bastin
attest
System
examples
System
revert-c7057e5e
System
add/artifact-name-input
System
add/artifact-name-input
System
add/artifact-name-input
System
add/artifact-name-input
S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
chore/adds-additional-env-flags
Confidentiality Requirement updated: low -> high
S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
0.9.0
Confidentiality Requirement updated: low -> high
S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
attest
Confidentiality Requirement updated: low -> high
S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
revert-c7057e5e
Confidentiality Requirement updated: low -> high
S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
0.11.1
Confidentiality Requirement updated: low -> high
S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
examples
Confidentiality Requirement updated: low -> high
S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
add/artifact-name-input
Confidentiality Requirement updated: low -> high
System fixed CVE-2024-8096
add/artifact-name-input
System fixed CVE-2024-8096
attest
System fixed CVE-2024-8096
0.11.1
System fixed CVE-2024-8096
examples
System fixed CVE-2024-8096
0.9.0
System fixed CVE-2024-8096
chore/adds-additional-env-flags
System fixed CVE-2024-8096
revert-c7057e5e
System detected CVE-2024-8096 with a risk of 3.46
add/artifact-name-input
System updated the risk assessment from 3.46 to 3.45
revert-c7057e5e
System recalculated raw risk assessment

Add a comment

Last calculated at:

Affected component

debian/curl

Installed version:

7.88.1-10

Fixed in:

no patch available

Show in dependency graph

🛡️ DevGuard
Group
/🧩 DevGuard CI-Components
Repository

CVE-2024-8096

Add a comment

Affected component

Management decisions across the organization