CVE-2024-8096

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.

Open

LOW (3.5)

T
Tim Bastin detected CVE-2024-8096 with a risk of 3
main
T
Tim Bastin fixed CVE-2024-8096
main
T
Tim Bastin detected CVE-2024-8096 with a risk of 3
main
System fixed CVE-2024-8096
main
System detected CVE-2024-8096 with a risk of 3
main
System fixed CVE-2024-8096
main
System detected CVE-2024-8096 with a risk of 3
main
T
Tim Bastin
attest
System
add/artifact-name-input
System
add/artifact-name-input
System
add/artifact-name-input
System
add/artifact-name-input
S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
add/artifact-name-input
Confidentiality Requirement updated: low -> high
S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
attest
Confidentiality Requirement updated: low -> high
System fixed CVE-2024-8096
add/artifact-name-input
System fixed CVE-2024-8096
attest
System detected CVE-2024-8096 with a risk of 3.46
add/artifact-name-input
System updated the risk assessment from 3.46 to 3.45
attest
System recalculated raw risk assessment

Add a comment

Last calculated at:

Affected component

debian/curl

Installed version:

7.88.1-10

Fixed in:

no patch available

Show in dependency graph

🛡️ DevGuard
Group
/🧩 DevGuard CI-Components
Repository

CVE-2024-8096

Add a comment

Affected component

Management decisions across the organization