CVE-2024-8096
Medium
Low
Medium
High
Critical
6.5
CVSS Score
Vulnerability Description
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
L
Integrity
L
Availability
N
Known Affected Software
94 configuration(s) from 3 vendor(s)
debian_linux
Version:
11.0
CPE:
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
curl
Version:
7.80.0
CPE:
cpe:2.3:a:haxx:curl:7.80.0:*:*:*:*:*:*:*
curl
Version:
8.2.0
CPE:
cpe:2.3:a:haxx:curl:8.2.0:*:*:*:*:*:*:*
curl
Version:
7.53.0
CPE:
cpe:2.3:a:haxx:curl:7.53.0:*:*:*:*:*:*:*
curl
Version:
7.51.0
CPE:
cpe:2.3:a:haxx:curl:7.51.0:*:*:*:*:*:*:*
curl
Version:
8.7.0
CPE:
cpe:2.3:a:haxx:curl:8.7.0:*:*:*:*:*:*:*
curl
Version:
7.48.0
CPE:
cpe:2.3:a:haxx:curl:7.48.0:*:*:*:*:*:*:*
curl
Version:
7.52.1
CPE:
cpe:2.3:a:haxx:curl:7.52.1:*:*:*:*:*:*:*
curl
Version:
8.2.1
CPE:
cpe:2.3:a:haxx:curl:8.2.1:*:*:*:*:*:*:*
curl
Version:
7.50.0
CPE:
cpe:2.3:a:haxx:curl:7.50.0:*:*:*:*:*:*:*
curl
Version:
8.0.0
CPE:
cpe:2.3:a:haxx:curl:8.0.0:*:*:*:*:*:*:*
curl
Version:
7.64.0
CPE:
cpe:2.3:a:haxx:curl:7.64.0:*:*:*:*:*:*:*
curl
Version:
7.65.0
CPE:
cpe:2.3:a:haxx:curl:7.65.0:*:*:*:*:*:*:*
curl
Version:
7.63.0
CPE:
cpe:2.3:a:haxx:curl:7.63.0:*:*:*:*:*:*:*
curl
Version:
7.88.1
CPE:
cpe:2.3:a:haxx:curl:7.88.1:*:*:*:*:*:*:*
curl
Version:
7.79.1
CPE:
cpe:2.3:a:haxx:curl:7.79.1:*:*:*:*:*:*:*
curl
Version:
7.77.0
CPE:
cpe:2.3:a:haxx:curl:7.77.0:*:*:*:*:*:*:*
curl
Version:
7.49.0
CPE:
cpe:2.3:a:haxx:curl:7.49.0:*:*:*:*:*:*:*
curl
Version:
8.0.1
CPE:
cpe:2.3:a:haxx:curl:8.0.1:*:*:*:*:*:*:*
curl
Version:
7.50.1
CPE:
cpe:2.3:a:haxx:curl:7.50.1:*:*:*:*:*:*:*
curl
Version:
7.42.0
CPE:
cpe:2.3:a:haxx:curl:7.42.0:*:*:*:*:*:*:*
curl
Version:
7.65.3
CPE:
cpe:2.3:a:haxx:curl:7.65.3:*:*:*:*:*:*:*
curl
Version:
7.84.0
CPE:
cpe:2.3:a:haxx:curl:7.84.0:*:*:*:*:*:*:*
curl
Version:
7.82.0
CPE:
cpe:2.3:a:haxx:curl:7.82.0:*:*:*:*:*:*:*
curl
Version:
7.50.3
CPE:
cpe:2.3:a:haxx:curl:7.50.3:*:*:*:*:*:*:*
curl
Version:
8.4.0
CPE:
cpe:2.3:a:haxx:curl:8.4.0:*:*:*:*:*:*:*
curl
Version:
8.5.0
CPE:
cpe:2.3:a:haxx:curl:8.5.0:*:*:*:*:*:*:*
curl
Version:
7.74.0
CPE:
cpe:2.3:a:haxx:curl:7.74.0:*:*:*:*:*:*:*
curl
Version:
7.43.0
CPE:
cpe:2.3:a:haxx:curl:7.43.0:*:*:*:*:*:*:*
curl
Version:
7.55.1
CPE:
cpe:2.3:a:haxx:curl:7.55.1:*:*:*:*:*:*:*
curl
Version:
7.54.0
CPE:
cpe:2.3:a:haxx:curl:7.54.0:*:*:*:*:*:*:*
curl
Version:
7.75.0
CPE:
cpe:2.3:a:haxx:curl:7.75.0:*:*:*:*:*:*:*
curl
Version:
7.69.1
CPE:
cpe:2.3:a:haxx:curl:7.69.1:*:*:*:*:*:*:*
curl
Version:
8.1.1
CPE:
cpe:2.3:a:haxx:curl:8.1.1:*:*:*:*:*:*:*
curl
Version:
7.47.1
CPE:
cpe:2.3:a:haxx:curl:7.47.1:*:*:*:*:*:*:*
curl
Version:
7.59.0
CPE:
cpe:2.3:a:haxx:curl:7.59.0:*:*:*:*:*:*:*
curl
Version:
7.70.0
CPE:
cpe:2.3:a:haxx:curl:7.70.0:*:*:*:*:*:*:*
curl
Version:
7.87.0
CPE:
cpe:2.3:a:haxx:curl:7.87.0:*:*:*:*:*:*:*
curl
Version:
7.41.0
CPE:
cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*
curl
Version:
7.69.0
CPE:
cpe:2.3:a:haxx:curl:7.69.0:*:*:*:*:*:*:*
curl
Version:
7.61.1
CPE:
cpe:2.3:a:haxx:curl:7.61.1:*:*:*:*:*:*:*
curl
Version:
7.52.0
CPE:
cpe:2.3:a:haxx:curl:7.52.0:*:*:*:*:*:*:*
curl
Version:
7.44.0
CPE:
cpe:2.3:a:haxx:curl:7.44.0:*:*:*:*:*:*:*
curl
Version:
7.56.0
CPE:
cpe:2.3:a:haxx:curl:7.56.0:*:*:*:*:*:*:*
curl
Version:
7.68.0
CPE:
cpe:2.3:a:haxx:curl:7.68.0:*:*:*:*:*:*:*
curl
Version:
7.56.1
CPE:
cpe:2.3:a:haxx:curl:7.56.1:*:*:*:*:*:*:*
curl
Version:
7.62.0
CPE:
cpe:2.3:a:haxx:curl:7.62.0:*:*:*:*:*:*:*
curl
Version:
7.76.1
CPE:
cpe:2.3:a:haxx:curl:7.76.1:*:*:*:*:*:*:*
curl
Version:
7.66.0
CPE:
cpe:2.3:a:haxx:curl:7.66.0:*:*:*:*:*:*:*
curl
Version:
7.72.0
CPE:
cpe:2.3:a:haxx:curl:7.72.0:*:*:*:*:*:*:*
curl
Version:
7.55.0
CPE:
cpe:2.3:a:haxx:curl:7.55.0:*:*:*:*:*:*:*
curl
Version:
7.45.0
CPE:
cpe:2.3:a:haxx:curl:7.45.0:*:*:*:*:*:*:*
curl
Version:
8.1.0
CPE:
cpe:2.3:a:haxx:curl:8.1.0:*:*:*:*:*:*:*
curl
Version:
7.81.0
CPE:
cpe:2.3:a:haxx:curl:7.81.0:*:*:*:*:*:*:*
curl
Version:
7.47.0
CPE:
cpe:2.3:a:haxx:curl:7.47.0:*:*:*:*:*:*:*
curl
Version:
7.85.0
CPE:
cpe:2.3:a:haxx:curl:7.85.0:*:*:*:*:*:*:*
curl
Version:
7.67.0
CPE:
cpe:2.3:a:haxx:curl:7.67.0:*:*:*:*:*:*:*
curl
Version:
7.88.0
CPE:
cpe:2.3:a:haxx:curl:7.88.0:*:*:*:*:*:*:*
curl
Version:
7.65.1
CPE:
cpe:2.3:a:haxx:curl:7.65.1:*:*:*:*:*:*:*
curl
Version:
8.8.0
CPE:
cpe:2.3:a:haxx:curl:8.8.0:*:*:*:*:*:*:*
curl
Version:
7.79.0
CPE:
cpe:2.3:a:haxx:curl:7.79.0:*:*:*:*:*:*:*
curl
Version:
7.57.0
CPE:
cpe:2.3:a:haxx:curl:7.57.0:*:*:*:*:*:*:*
curl
Version:
8.9.0
CPE:
cpe:2.3:a:haxx:curl:8.9.0:*:*:*:*:*:*:*
curl
Version:
7.54.1
CPE:
cpe:2.3:a:haxx:curl:7.54.1:*:*:*:*:*:*:*
curl
Version:
8.7.1
CPE:
cpe:2.3:a:haxx:curl:8.7.1:*:*:*:*:*:*:*
curl
Version:
7.73.0
CPE:
cpe:2.3:a:haxx:curl:7.73.0:*:*:*:*:*:*:*
curl
Version:
7.60.0
CPE:
cpe:2.3:a:haxx:curl:7.60.0:*:*:*:*:*:*:*
curl
Version:
8.6.0
CPE:
cpe:2.3:a:haxx:curl:8.6.0:*:*:*:*:*:*:*
curl
Version:
8.1.2
CPE:
cpe:2.3:a:haxx:curl:8.1.2:*:*:*:*:*:*:*
curl
Version:
7.76.0
CPE:
cpe:2.3:a:haxx:curl:7.76.0:*:*:*:*:*:*:*
curl
Version:
8.9.1
CPE:
cpe:2.3:a:haxx:curl:8.9.1:*:*:*:*:*:*:*
curl
Version:
7.42.1
CPE:
cpe:2.3:a:haxx:curl:7.42.1:*:*:*:*:*:*:*
curl
Version:
7.50.2
CPE:
cpe:2.3:a:haxx:curl:7.50.2:*:*:*:*:*:*:*
curl
Version:
7.64.1
CPE:
cpe:2.3:a:haxx:curl:7.64.1:*:*:*:*:*:*:*
curl
Version:
7.86.0
CPE:
cpe:2.3:a:haxx:curl:7.86.0:*:*:*:*:*:*:*
curl
Version:
7.65.2
CPE:
cpe:2.3:a:haxx:curl:7.65.2:*:*:*:*:*:*:*
curl
Version:
7.58.0
CPE:
cpe:2.3:a:haxx:curl:7.58.0:*:*:*:*:*:*:*
curl
Version:
7.78.0
CPE:
cpe:2.3:a:haxx:curl:7.78.0:*:*:*:*:*:*:*
curl
Version:
7.46.0
CPE:
cpe:2.3:a:haxx:curl:7.46.0:*:*:*:*:*:*:*
curl
Version:
7.71.1
CPE:
cpe:2.3:a:haxx:curl:7.71.1:*:*:*:*:*:*:*
curl
Version:
7.49.1
CPE:
cpe:2.3:a:haxx:curl:7.49.1:*:*:*:*:*:*:*
curl
Version:
7.71.0
CPE:
cpe:2.3:a:haxx:curl:7.71.0:*:*:*:*:*:*:*
curl
Version:
7.53.1
CPE:
cpe:2.3:a:haxx:curl:7.53.1:*:*:*:*:*:*:*
curl
Version:
7.83.0
CPE:
cpe:2.3:a:haxx:curl:7.83.0:*:*:*:*:*:*:*
curl
Version:
7.83.1
CPE:
cpe:2.3:a:haxx:curl:7.83.1:*:*:*:*:*:*:*
curl
Version:
7.61.0
CPE:
cpe:2.3:a:haxx:curl:7.61.0:*:*:*:*:*:*:*
bootstrap_os
Version:
-
CPE:
cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
active_iq_unified_manager
Version:
-
CPE:
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
ontap_tools
Version:
10
CPE:
cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*
h700s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
h500s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
h410s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
h300s_firmware
Version:
-
CPE:
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
ontap_select_deploy_administration_utility
Version:
-
CPE:
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
This vulnerability affects 94 software configuration(s). Ensure you patch all affected systems.
Microsoft
2024-Sep-CVE-2024-8096
CVE-2024-8096: OCSP stapling bypass with GnuTLS
Severity
Unknown
Released
Oct 11, 2025
Security Update
Microsoft
2025-Apr-CVE-2024-8096
CVE-2024-8096: None
Severity
Unknown
Released
Oct 01, 2025
Security Update
Microsoft
2024-Oct-CVE-2024-8096
CVE-2024-8096: None
Severity
Unknown
Released
Oct 01, 2025
Security Update
Microsoft
2025-Jul-CVE-2024-8096
CVE-2024-8096: None
Severity
Unknown
Released
Sep 17, 2025
Security Update
Microsoft
2025-Mar-CVE-2024-8096
CVE-2024-8096: None
Severity
Unknown
Released
Sep 04, 2025
Security Update
Microsoft
2024-Nov-CVE-2024-8096
CVE-2024-8096: None
Severity
Unknown
Released
Sep 04, 2025
Security Update
Oracle
CPUJAN2025
Oracle Critical Patch Update Advisory - January 2025
Severity
Critical
Released
Jan 21, 2025
Restart Required
Security Update
References & Resources
-
https://curl.se/docs/CVE-2024-8096.html2499f714-1537-4658-8207-48ae4bb9eae9 Vendor Advisory
-
https://curl.se/docs/CVE-2024-8096.json2499f714-1537-4658-8207-48ae4bb9eae9 Vendor Advisory
-
https://hackerone.com/reports/26698522499f714-1537-4658-8207-48ae4bb9eae9 Exploit Issue Tracking Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2024/09/11/1af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2024/11/msg00008.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20241011-0005/af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
Severity Details
6.5
out of 10.0
Medium
Weakness Type (CWE)
CWE-295
Top 25 #23
Improper Certificate Validation
- Description
- The product does not validate, or incorrectly validates, a certificate.
- Typical Severity
- High
- OWASP Top 10
- A02:2021-Cryptographic Failures
- Abstraction Level
- Base
Key Information
- Published Date
- September 11, 2024
