CVE-2024-8096

ADVISORY - ubuntu

Summary

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.

EPSS Score⁠: 0.00136 (0.348)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-295⁠

Improper Certificate Validation

ADVISORY - redhat

CWE-295⁠

Improper Certificate Validation

Impacted images

Advisories

Ubuntu

CREATED

8 months ago

UPDATED

10 days ago

ADVISORY IDCVE-2024-8096⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
ubuntu/curl	deb	ubuntu	22.04	<7.81.0-1ubuntu1.18	7.81.0-1ubuntu1.18
ubuntu/curl	deb	ubuntu	24.04	<8.5.0-2ubuntu10.4	8.5.0-2ubuntu10.4
ubuntu/curl	deb	ubuntu	20.04	<7.68.0-1ubuntu2.24	7.68.0-1ubuntu2.24
ubuntu/curl	deb	ubuntu	24.10	<8.9.1-2ubuntu2	8.9.1-2ubuntu2
ubuntu/curl	deb	ubuntu	25.04	<8.9.1-2ubuntu2	8.9.1-2ubuntu2
ubuntu/curl	deb	ubuntu	14.04	>=0	Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

8 months ago

UPDATED

6 months ago

ADVISORY IDCVE-2024-8096⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-295⁠

CVSS SCORE

6.5medium

Alpine

CREATED

8 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-8096⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

8 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-8096⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Red Hat

CREATED

8 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2024-8096⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-295⁠

CVSS SCORE

6.5medium

Chainguard

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

CGA-g55g-qx76-5fjj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

3 months ago

UPDATED

1 month ago

ADVISORY ID

CVE-2024-8096

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.5medium