CVE-2024-8096 Information
Description
When curl is told to use the Certificate Status Request TLS extension often referred to as OCSP stapling to verify that the server certificate is valid it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than ‘revoked’ (like for example ‘unauthorized’) it is not treated as a bad certficate.
Reference
cve@curl.se https://curl.se/docs/CVE-2024-8096.json https://curl.se/docs/CVE-2024-8096.html https://hackerone.com/reports/2669852 When curl is told to use the Certificate Status Request TLS extension often referred to as OCSP stapling to verify that the server certificate is valid it might fail to detect some OCSP problems and instead wrongly consider the response as fine.
If the returned status reports another error than ‘revoked’ (like for example ‘unauthorized’) it is not treated as a bad certficate.
Share on: