CVE-2024-8096 - Vulnerability Details

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Curl	Curl

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/09/11/1
https://curl.se/docs/CVE-2024-8096.html
https://curl.se/docs/CVE-2024-8096.json
https://hackerone.com/reports/2669852
https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html
https://nvd.nist.gov/vuln/detail/CVE-2024-8096
https://security.netapp.com/advisory/ntap-20241011-0005/
https://www.cve.org/CVERecord?id=CVE-2024-8096

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2024/09/11/1 https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html https://security.netapp.com/advisory/ntap-20241011-0005/

Fri, 11 Oct 2024 23:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Curl Curl curl
CPEs		cpe:2.3:a:curl:curl::::::::
Vendors & Products		Curl Curl curl
References	http://www.openwall.com/lists/oss-security/2024/09/11/1
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2024/09/11/1

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-295
References		https://nvd.nist.gov/vuln/detail/CVE-2024-8096 https://www.cve.org/CVERecord?id=CVE-2024-8096
Metrics	threat_severity `None`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}` threat_severity `Moderate`

Wed, 11 Sep 2024 10:15:00 +0000

Type	Values Removed	Values Added
Description		When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.
Title		OCSP stapling bypass with GnuTLS
References		https://curl.se/docs/CVE-2024-8096.html https://curl.se/docs/CVE-2024-8096.json https://hackerone.com/reports/2669852

MITRE

Status: PUBLISHED

Assigner: curl

Published: 2024-09-11T10:03:59.489Z

Updated: 2024-11-14T17:02:37.437Z

Reserved: 2024-08-22T14:46:26.822Z

Link: CVE-2024-8096

Vulnrichment

Updated: 2024-11-14T17:02:37.437Z

NVD

Status : Awaiting Analysis

Published: 2024-09-11T10:15:02.883

Modified: 2024-11-21T09:52:40.063

Link: CVE-2024-8096

Redhat

Severity : Moderate

Publid Date: 2024-09-11T00:00:00Z

Links: CVE-2024-8096 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object