CVE-2024-8096 - Vulnerability Details

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Curl	Curl

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/09/11/1
https://curl.se/docs/CVE-2024-8096.html
https://curl.se/docs/CVE-2024-8096.json
https://hackerone.com/reports/2669852
https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html
https://nvd.nist.gov/vuln/detail/CVE-2024-8096
https://security.netapp.com/advisory/ntap-20241011-0005/
https://www.cve.org/CVERecord?id=CVE-2024-8096

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2024/09/11/1 https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html https://security.netapp.com/advisory/ntap-20241011-0005/

Fri, 11 Oct 2024 23:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Curl Curl curl
CPEs		cpe:2.3:a:curl:curl::::::::
Vendors & Products		Curl Curl curl
References	http://www.openwall.com/lists/oss-security/2024/09/11/1
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2024/09/11/1

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-295
References		https://nvd.nist.gov/vuln/detail/CVE-2024-8096 https://www.cve.org/CVERecord?id=CVE-2024-8096
Metrics	threat_severity `None`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}` threat_severity `Moderate`

Wed, 11 Sep 2024 10:15:00 +0000

Type	Values Removed	Values Added
Description		When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.
Title		OCSP stapling bypass with GnuTLS
References		https://curl.se/docs/CVE-2024-8096.html https://curl.se/docs/CVE-2024-8096.json https://hackerone.com/reports/2669852

MITRE

Status: PUBLISHED

Assigner: curl

Published: 2024-09-11T10:03:59.489Z

Updated: 2024-11-14T17:02:37.437Z

Reserved: 2024-08-22T14:46:26.822Z

Link: CVE-2024-8096

Vulnrichment

Updated: 2024-11-14T17:02:37.437Z

NVD

Status : Awaiting Analysis

Published: 2024-09-11T10:15:02.883

Modified: 2024-11-21T09:52:40.063

Link: CVE-2024-8096

Redhat

Severity : Moderate

Publid Date: 2024-09-11T00:00:00Z

Links: CVE-2024-8096 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8096", "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "state": "PUBLISHED", "assignerShortName": "curl", "dateReserved": "2024-08-22T14:46:26.822Z", "datePublished": "2024-09-11T10:03:59.489Z", "dateUpdated": "2024-11-14T17:02:37.437Z"}, "containers": {"cna": {"title": "OCSP stapling bypass with GnuTLS", "descriptions": [{"lang": "en", "value": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate."}], "providerMetadata": {"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl", "dateUpdated": "2024-09-11T10:03:59.489Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-295 Improper Certificate Validation"}]}], "affected": [{"vendor": "curl", "product": "curl", "versions": [{"version": "8.9.1", "status": "affected", "lessThanOrEqual": "8.9.1", "versionType": "semver"}, {"version": "8.9.0", "status": "affected", "lessThanOrEqual": "8.9.0", "versionType": "semver"}, {"version": "8.8.0", "status": "affected", "lessThanOrEqual": "8.8.0", "versionType": "semver"}, {"version": "8.7.1", "status": "affected", "lessThanOrEqual": "8.7.1", "versionType": "semver"}, {"version": "8.7.0", "status": "affected", "lessThanOrEqual": "8.7.0", "versionType": "semver"}, {"version": "8.6.0", "status": "affected", "lessThanOrEqual": "8.6.0", "versionType": "semver"}, {"version": "8.5.0", "status": "affected", "lessThanOrEqual": "8.5.0", "versionType": "semver"}, {"version": "8.4.0", "status": "affected", "lessThanOrEqual": "8.4.0", "versionType": "semver"}, {"version": "8.3.0", "status": "affected", "lessThanOrEqual": "8.3.0", "versionType": "semver"}, {"version": "8.2.1", "status": "affected", "lessThanOrEqual": "8.2.1", "versionType": "semver"}, {"version": "8.2.0", "status": "affected", "lessThanOrEqual": "8.2.0", "versionType": "semver"}, {"version": "8.1.2", "status": "affected", "lessThanOrEqual": "8.1.2", "versionType": "semver"}, {"version": "8.1.1", "status": "affected", "lessThanOrEqual": "8.1.1", "versionType": "semver"}, {"version": "8.1.0", "status": "affected", "lessThanOrEqual": "8.1.0", "versionType": "semver"}, {"version": "8.0.1", "status": "affected", "lessThanOrEqual": "8.0.1", "versionType": "semver"}, {"version": "8.0.0", "status": "affected", "lessThanOrEqual": "8.0.0", "versionType": "semver"}, {"version": "7.88.1", "status": "affected", "lessThanOrEqual": "7.88.1", "versionType": "semver"}, {"version": "7.88.0", "status": "affected", "lessThanOrEqual": "7.88.0", "versionType": "semver"}, {"version": "7.87.0", "status": "affected", "lessThanOrEqual": "7.87.0", "versionType": "semver"}, {"version": "7.86.0", "status": "affected", "lessThanOrEqual": "7.86.0", "versionType": "semver"}, {"version": "7.85.0", "status": "affected", "lessThanOrEqual": "7.85.0", "versionType": "semver"}, {"version": "7.84.0", "status": "affected", "lessThanOrEqual": "7.84.0", "versionType": "semver"}, {"version": "7.83.1", "status": "affected", "lessThanOrEqual": "7.83.1", "versionType": "semver"}, {"version": "7.83.0", "status": "affected", "lessThanOrEqual": "7.83.0", "versionType": "semver"}, {"version": "7.82.0", "status": "affected", "lessThanOrEqual": "7.82.0", "versionType": "semver"}, {"version": "7.81.0", "status": "affected", "lessThanOrEqual": "7.81.0", "versionType": "semver"}, {"version": "7.80.0", "status": "affected", "lessThanOrEqual": "7.80.0", "versionType": "semver"}, {"version": "7.79.1", "status": "affected", "lessThanOrEqual": "7.79.1", "versionType": "semver"}, {"version": "7.79.0", "status": "affected", "lessThanOrEqual": "7.79.0", "versionType": "semver"}, {"version": "7.78.0", "status": "affected", "lessThanOrEqual": "7.78.0", "versionType": "semver"}, {"version": "7.77.0", "status": "affected", "lessThanOrEqual": "7.77.0", "versionType": "semver"}, {"version": "7.76.1", "status": "affected", "lessThanOrEqual": "7.76.1", "versionType": "semver"}, {"version": "7.76.0", "status": "affected", "lessThanOrEqual": "7.76.0", "versionType": "semver"}, {"version": "7.75.0", "status": "affected", "lessThanOrEqual": "7.75.0", "versionType": "semver"}, {"version": "7.74.0", "status": "affected", "lessThanOrEqual": "7.74.0", "versionType": "semver"}, {"version": "7.73.0", "status": "affected", "lessThanOrEqual": "7.73.0", "versionType": "semver"}, {"version": "7.72.0", "status": "affected", "lessThanOrEqual": "7.72.0", "versionType": "semver"}, {"version": "7.71.1", "status": "affected", "lessThanOrEqual": "7.71.1", "versionType": "semver"}, {"version": "7.71.0", "status": "affected", "lessThanOrEqual": "7.71.0", "versionType": "semver"}, {"version": "7.70.0", "status": "affected", "lessThanOrEqual": "7.70.0", "versionType": "semver"}, {"version": "7.69.1", "status": "affected", "lessThanOrEqual": "7.69.1", "versionType": "semver"}, {"version": "7.69.0", "status": "affected", "lessThanOrEqual": "7.69.0", "versionType": "semver"}, {"version": "7.68.0", "status": "affected", "lessThanOrEqual": "7.68.0", "versionType": "semver"}, {"version": "7.67.0", "status": "affected", "lessThanOrEqual": "7.67.0", "versionType": "semver"}, {"version": "7.66.0", "status": "affected", "lessThanOrEqual": "7.66.0", "versionType": "semver"}, {"version": "7.65.3", "status": "affected", "lessThanOrEqual": "7.65.3", "versionType": "semver"}, {"version": "7.65.2", "status": "affected", "lessThanOrEqual": "7.65.2", "versionType": "semver"}, {"version": "7.65.1", "status": "affected", "lessThanOrEqual": "7.65.1", "versionType": "semver"}, {"version": "7.65.0", "status": "affected", "lessThanOrEqual": "7.65.0", "versionType": "semver"}, {"version": "7.64.1", "status": "affected", "lessThanOrEqual": "7.64.1", "versionType": "semver"}, {"version": "7.64.0", "status": "affected", "lessThanOrEqual": "7.64.0", "versionType": "semver"}, {"version": "7.63.0", "status": "affected", "lessThanOrEqual": "7.63.0", "versionType": "semver"}, {"version": "7.62.0", "status": "affected", "lessThanOrEqual": "7.62.0", "versionType": "semver"}, {"version": "7.61.1", "status": "affected", "lessThanOrEqual": "7.61.1", "versionType": "semver"}, {"version": "7.61.0", "status": "affected", "lessThanOrEqual": "7.61.0", "versionType": "semver"}, {"version": "7.60.0", "status": "affected", "lessThanOrEqual": "7.60.0", "versionType": "semver"}, {"version": "7.59.0", "status": "affected", "lessThanOrEqual": "7.59.0", "versionType": "semver"}, {"version": "7.58.0", "status": "affected", "lessThanOrEqual": "7.58.0", "versionType": "semver"}, {"version": "7.57.0", "status": "affected", "lessThanOrEqual": "7.57.0", "versionType": "semver"}, {"version": "7.56.1", "status": "affected", "lessThanOrEqual": "7.56.1", "versionType": "semver"}, {"version": "7.56.0", "status": "affected", "lessThanOrEqual": "7.56.0", "versionType": "semver"}, {"version": "7.55.1", "status": "affected", "lessThanOrEqual": "7.55.1", "versionType": "semver"}, {"version": "7.55.0", "status": "affected", "lessThanOrEqual": "7.55.0", "versionType": "semver"}, {"version": "7.54.1", "status": "affected", "lessThanOrEqual": "7.54.1", "versionType": "semver"}, {"version": "7.54.0", "status": "affected", "lessThanOrEqual": "7.54.0", "versionType": "semver"}, {"version": "7.53.1", "status": "affected", "lessThanOrEqual": "7.53.1", "versionType": "semver"}, {"version": "7.53.0", "status": "affected", "lessThanOrEqual": "7.53.0", "versionType": "semver"}, {"version": "7.52.1", "status": "affected", "lessThanOrEqual": "7.52.1", "versionType": "semver"}, {"version": "7.52.0", "status": "affected", "lessThanOrEqual": "7.52.0", "versionType": "semver"}, {"version": "7.51.0", "status": "affected", "lessThanOrEqual": "7.51.0", "versionType": "semver"}, {"version": "7.50.3", "status": "affected", "lessThanOrEqual": "7.50.3", "versionType": "semver"}, {"version": "7.50.2", "status": "affected", "lessThanOrEqual": "7.50.2", "versionType": "semver"}, {"version": "7.50.1", "status": "affected", "lessThanOrEqual": "7.50.1", "versionType": "semver"}, {"version": "7.50.0", "status": "affected", "lessThanOrEqual": "7.50.0", "versionType": "semver"}, {"version": "7.49.1", "status": "affected", "lessThanOrEqual": "7.49.1", "versionType": "semver"}, {"version": "7.49.0", "status": "affected", "lessThanOrEqual": "7.49.0", "versionType": "semver"}, {"version": "7.48.0", "status": "affected", "lessThanOrEqual": "7.48.0", "versionType": "semver"}, {"version": "7.47.1", "status": "affected", "lessThanOrEqual": "7.47.1", "versionType": "semver"}, {"version": "7.47.0", "status": "affected", "lessThanOrEqual": "7.47.0", "versionType": "semver"}, {"version": "7.46.0", "status": "affected", "lessThanOrEqual": "7.46.0", "versionType": "semver"}, {"version": "7.45.0", "status": "affected", "lessThanOrEqual": "7.45.0", "versionType": "semver"}, {"version": "7.44.0", "status": "affected", "lessThanOrEqual": "7.44.0", "versionType": "semver"}, {"version": "7.43.0", "status": "affected", "lessThanOrEqual": "7.43.0", "versionType": "semver"}, {"version": "7.42.1", "status": "affected", "lessThanOrEqual": "7.42.1", "versionType": "semver"}, {"version": "7.42.0", "status": "affected", "lessThanOrEqual": "7.42.0", "versionType": "semver"}, {"version": "7.41.0", "status": "affected", "lessThanOrEqual": "7.41.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://curl.se/docs/CVE-2024-8096.json", "name": "json"}, {"url": "https://curl.se/docs/CVE-2024-8096.html", "name": "www"}, {"url": "https://hackerone.com/reports/2669852", "name": "issue"}], "credits": [{"lang": "en", "value": "Hiroki Kurosawa", "type": "finder"}, {"lang": "en", "value": "Daniel Stenberg", "type": "remediation developer"}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/09/11/1"}, {"url": "https://security.netapp.com/advisory/ntap-20241011-0005/"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-14T17:02:37.437Z"}}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-295", "lang": "en", "description": "CWE-295 Improper Certificate Validation"}]}], "affected": [{"vendor": "curl", "product": "curl", "cpes": ["cpe:2.3:a:curl:curl:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.41.0", "status": "affected", "lessThanOrEqual": "8.9.1", "versionType": "semver"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T13:42:47.908850Z", "id": "CVE-2024-8096", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T13:46:36.676Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/09/11/1"}, {"url": "https://security.netapp.com/advisory/ntap-20241011-0005/"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-11-14T17:02:37.437Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-8096", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-11T13:42:47.908850Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:curl:curl:*:*:*:*:*:*:*:*"], "vendor": "curl", "product": "curl", "versions": [{"status": "affected", "version": "7.41.0", "versionType": "semver", "lessThanOrEqual": "8.9.1"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T13:46:16.524Z"}}], "cna": {"title": "OCSP stapling bypass with GnuTLS", "credits": [{"lang": "en", "type": "finder", "value": "Hiroki Kurosawa"}, {"lang": "en", "type": "remediation developer", "value": "Daniel Stenberg"}], "affected": [{"vendor": "curl", "product": "curl", "versions": [{"status": "affected", "version": "8.9.1", "versionType": "semver", "lessThanOrEqual": "8.9.1"}, {"status": "affected", "version": "8.9.0", "versionType": "semver", "lessThanOrEqual": "8.9.0"}, {"status": "affected", "version": "8.8.0", "versionType": "semver", "lessThanOrEqual": "8.8.0"}, {"status": "affected", "version": "8.7.1", "versionType": "semver", "lessThanOrEqual": "8.7.1"}, {"status": "affected", "version": "8.7.0", "versionType": "semver", "lessThanOrEqual": "8.7.0"}, {"status": "affected", "version": "8.6.0", "versionType": "semver", "lessThanOrEqual": "8.6.0"}, {"status": "affected", "version": "8.5.0", "versionType": "semver", "lessThanOrEqual": "8.5.0"}, {"status": "affected", "version": "8.4.0", "versionType": "semver", "lessThanOrEqual": "8.4.0"}, {"status": "affected", "version": "8.3.0", "versionType": "semver", "lessThanOrEqual": "8.3.0"}, {"status": "affected", "version": "8.2.1", "versionType": "semver", "lessThanOrEqual": "8.2.1"}, {"status": "affected", "version": "8.2.0", "versionType": "semver", "lessThanOrEqual": "8.2.0"}, {"status": "affected", "version": "8.1.2", "versionType": "semver", "lessThanOrEqual": "8.1.2"}, {"status": "affected", "version": "8.1.1", "versionType": "semver", "lessThanOrEqual": "8.1.1"}, {"status": "affected", "version": "8.1.0", "versionType": "semver", "lessThanOrEqual": "8.1.0"}, {"status": "affected", "version": "8.0.1", "versionType": "semver", "lessThanOrEqual": "8.0.1"}, {"status": "affected", "version": "8.0.0", "versionType": "semver", "lessThanOrEqual": "8.0.0"}, {"status": "affected", "version": "7.88.1", "versionType": "semver", "lessThanOrEqual": "7.88.1"}, {"status": "affected", "version": "7.88.0", "versionType": "semver", "lessThanOrEqual": "7.88.0"}, {"status": "affected", "version": "7.87.0", "versionType": "semver", "lessThanOrEqual": "7.87.0"}, {"status": "affected", "version": "7.86.0", "versionType": "semver", "lessThanOrEqual": "7.86.0"}, {"status": "affected", "version": "7.85.0", "versionType": "semver", "lessThanOrEqual": "7.85.0"}, {"status": "affected", "version": "7.84.0", "versionType": "semver", "lessThanOrEqual": "7.84.0"}, {"status": "affected", "version": "7.83.1", "versionType": "semver", "lessThanOrEqual": "7.83.1"}, {"status": "affected", "version": "7.83.0", "versionType": "semver", "lessThanOrEqual": "7.83.0"}, {"status": "affected", "version": "7.82.0", "versionType": "semver", "lessThanOrEqual": "7.82.0"}, {"status": "affected", "version": "7.81.0", "versionType": "semver", "lessThanOrEqual": "7.81.0"}, {"status": "affected", "version": "7.80.0", "versionType": "semver", "lessThanOrEqual": "7.80.0"}, {"status": "affected", "version": "7.79.1", "versionType": "semver", "lessThanOrEqual": "7.79.1"}, {"status": "affected", "version": "7.79.0", "versionType": "semver", "lessThanOrEqual": "7.79.0"}, {"status": "affected", "version": "7.78.0", "versionType": "semver", "lessThanOrEqual": "7.78.0"}, {"status": "affected", "version": "7.77.0", "versionType": "semver", "lessThanOrEqual": "7.77.0"}, {"status": "affected", "version": "7.76.1", "versionType": "semver", "lessThanOrEqual": "7.76.1"}, {"status": "affected", "version": "7.76.0", "versionType": "semver", "lessThanOrEqual": "7.76.0"}, {"status": "affected", "version": "7.75.0", "versionType": "semver", "lessThanOrEqual": "7.75.0"}, {"status": "affected", "version": "7.74.0", "versionType": "semver", "lessThanOrEqual": "7.74.0"}, {"status": "affected", "version": "7.73.0", "versionType": "semver", "lessThanOrEqual": "7.73.0"}, {"status": "affected", "version": "7.72.0", "versionType": "semver", "lessThanOrEqual": "7.72.0"}, {"status": "affected", "version": "7.71.1", "versionType": "semver", "lessThanOrEqual": "7.71.1"}, {"status": "affected", "version": "7.71.0", "versionType": "semver", "lessThanOrEqual": "7.71.0"}, {"status": "affected", "version": "7.70.0", "versionType": "semver", "lessThanOrEqual": "7.70.0"}, {"status": "affected", "version": "7.69.1", "versionType": "semver", "lessThanOrEqual": "7.69.1"}, {"status": "affected", "version": "7.69.0", "versionType": "semver", "lessThanOrEqual": "7.69.0"}, {"status": "affected", "version": "7.68.0", "versionType": "semver", "lessThanOrEqual": "7.68.0"}, {"status": "affected", "version": "7.67.0", "versionType": "semver", "lessThanOrEqual": "7.67.0"}, {"status": "affected", "version": "7.66.0", "versionType": "semver", "lessThanOrEqual": "7.66.0"}, {"status": "affected", "version": "7.65.3", "versionType": "semver", "lessThanOrEqual": "7.65.3"}, {"status": "affected", "version": "7.65.2", "versionType": "semver", "lessThanOrEqual": "7.65.2"}, {"status": "affected", "version": "7.65.1", "versionType": "semver", "lessThanOrEqual": "7.65.1"}, {"status": "affected", "version": "7.65.0", "versionType": "semver", "lessThanOrEqual": "7.65.0"}, {"status": "affected", "version": "7.64.1", "versionType": "semver", "lessThanOrEqual": "7.64.1"}, {"status": "affected", "version": "7.64.0", "versionType": "semver", "lessThanOrEqual": "7.64.0"}, {"status": "affected", "version": "7.63.0", "versionType": "semver", "lessThanOrEqual": "7.63.0"}, {"status": "affected", "version": "7.62.0", "versionType": "semver", "lessThanOrEqual": "7.62.0"}, {"status": "affected", "version": "7.61.1", "versionType": "semver", "lessThanOrEqual": "7.61.1"}, {"status": "affected", "version": "7.61.0", "versionType": "semver", "lessThanOrEqual": "7.61.0"}, {"status": "affected", "version": "7.60.0", "versionType": "semver", "lessThanOrEqual": "7.60.0"}, {"status": "affected", "version": "7.59.0", "versionType": "semver", "lessThanOrEqual": "7.59.0"}, {"status": "affected", "version": "7.58.0", "versionType": "semver", "lessThanOrEqual": "7.58.0"}, {"status": "affected", "version": "7.57.0", "versionType": "semver", "lessThanOrEqual": "7.57.0"}, {"status": "affected", "version": "7.56.1", "versionType": "semver", "lessThanOrEqual": "7.56.1"}, {"status": "affected", "version": "7.56.0", "versionType": "semver", "lessThanOrEqual": "7.56.0"}, {"status": "affected", "version": "7.55.1", "versionType": "semver", "lessThanOrEqual": "7.55.1"}, {"status": "affected", "version": "7.55.0", "versionType": "semver", "lessThanOrEqual": "7.55.0"}, {"status": "affected", "version": "7.54.1", "versionType": "semver", "lessThanOrEqual": "7.54.1"}, {"status": "affected", "version": "7.54.0", "versionType": "semver", "lessThanOrEqual": "7.54.0"}, {"status": "affected", "version": "7.53.1", "versionType": "semver", "lessThanOrEqual": "7.53.1"}, {"status": "affected", "version": "7.53.0", "versionType": "semver", "lessThanOrEqual": "7.53.0"}, {"status": "affected", "version": "7.52.1", "versionType": "semver", "lessThanOrEqual": "7.52.1"}, {"status": "affected", "version": "7.52.0", "versionType": "semver", "lessThanOrEqual": "7.52.0"}, {"status": "affected", "version": "7.51.0", "versionType": "semver", "lessThanOrEqual": "7.51.0"}, {"status": "affected", "version": "7.50.3", "versionType": "semver", "lessThanOrEqual": "7.50.3"}, {"status": "affected", "version": "7.50.2", "versionType": "semver", "lessThanOrEqual": "7.50.2"}, {"status": "affected", "version": "7.50.1", "versionType": "semver", "lessThanOrEqual": "7.50.1"}, {"status": "affected", "version": "7.50.0", "versionType": "semver", "lessThanOrEqual": "7.50.0"}, {"status": "affected", "version": "7.49.1", "versionType": "semver", "lessThanOrEqual": "7.49.1"}, {"status": "affected", "version": "7.49.0", "versionType": "semver", "lessThanOrEqual": "7.49.0"}, {"status": "affected", "version": "7.48.0", "versionType": "semver", "lessThanOrEqual": "7.48.0"}, {"status": "affected", "version": "7.47.1", "versionType": "semver", "lessThanOrEqual": "7.47.1"}, {"status": "affected", "version": "7.47.0", "versionType": "semver", "lessThanOrEqual": "7.47.0"}, {"status": "affected", "version": "7.46.0", "versionType": "semver", "lessThanOrEqual": "7.46.0"}, {"status": "affected", "version": "7.45.0", "versionType": "semver", "lessThanOrEqual": "7.45.0"}, {"status": "affected", "version": "7.44.0", "versionType": "semver", "lessThanOrEqual": "7.44.0"}, {"status": "affected", "version": "7.43.0", "versionType": "semver", "lessThanOrEqual": "7.43.0"}, {"status": "affected", "version": "7.42.1", "versionType": "semver", "lessThanOrEqual": "7.42.1"}, {"status": "affected", "version": "7.42.0", "versionType": "semver", "lessThanOrEqual": "7.42.0"}, {"status": "affected", "version": "7.41.0", "versionType": "semver", "lessThanOrEqual": "7.41.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://curl.se/docs/CVE-2024-8096.json", "name": "json"}, {"url": "https://curl.se/docs/CVE-2024-8096.html", "name": "www"}, {"url": "https://hackerone.com/reports/2669852", "name": "issue"}], "descriptions": [{"lang": "en", "value": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl", "dateUpdated": "2024-09-11T10:03:59.489Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8096", "state": "PUBLISHED", "dateUpdated": "2024-11-14T17:02:37.437Z", "dateReserved": "2024-08-22T14:46:26.822Z", "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "datePublished": "2024-09-11T10:03:59.489Z", "assignerShortName": "curl"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate."}, {"lang": "es", "value": "Cuando se le indica a curl que utilice la extensi\u00f3n TLS de solicitud de estado de certificado, a menudo denominada como grapado OCSP, para verificar que el certificado del servidor es v\u00e1lido, es posible que no detecte algunos problemas de OCSP y, en cambio, considere err\u00f3neamente que la respuesta es correcta. Si el estado devuelto informa un error distinto de \"revocado\" (como, por ejemplo, \"no autorizado\"), no se trata como un certificado incorrecto."}], "id": "CVE-2024-8096", "lastModified": "2024-11-21T09:52:40.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-09-11T10:15:02.883", "references": [{"source": "2499f714-1537-4658-8207-48ae4bb9eae9", "url": "https://curl.se/docs/CVE-2024-8096.html"}, {"source": "2499f714-1537-4658-8207-48ae4bb9eae9", "url": "https://curl.se/docs/CVE-2024-8096.json"}, {"source": "2499f714-1537-4658-8207-48ae4bb9eae9", "url": "https://hackerone.com/reports/2669852"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/09/11/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20241011-0005/"}], "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "curl: OCSP stapling bypass with GnuTLS", "id": "2310519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310519"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-295", "details": ["When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "A vulnerability was found in Curl. When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and incorrectly consider the response as fine instead. If the returned status reports an error other than \"revoked\", such as \"unauthorized\", it is not treated as a bad certificate."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-8096", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "curl", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Affected", "package_name": "curl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-09-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-8096\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-8096"], "statement": "The vulnerability in curl related to OCSP stapling is classified as moderate severity rather than important because it only affects the validation of server certificates under specific conditions: when using the GnuTLS library and when the OCSP response indicates an error other than \"revoked\", such as \"unauthorized\". This limits the attack surface, as the issue does not result in outright failure to detect revoked certificates, arguably the most critical OCSP check. Additionally, OCSP stapling is not widely implemented across the web, reducing the likelihood of widespread exploitation.", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object