The following key information about the vulnerability can be obtained from this web page screenshot:

1. Vulnerability ID: CURL-CVE-2024-8096
2. Vulnerability name: OCSP stapling bypass with GnuTLS
3. Modified: 2024-09-11T07:39:47.00Z
4. Database-specific information:
   - Package: curl
   - URL: https://curl.se/docs/CVE-2024-8096.json
   - Website: https://curl.se/docs/CVE-2024-8096.html
   - Issue report: https://hackerone.com/reports/2669852
   - CWE: CWE-295, described as "Improper Certificate Validation"
5. Award information:
   - Amount: 2540 US dollars
   - Currency: USD
6. Affected versions:
   - Last affected version: 8.9.1
   - Severity: Medium
7. Published: 2024-09-11T08:00:00.00Z
8. Affected version range: 8.9.1, 8.9.0, 8.8.0, 8.7.1, 8.7.0, 8.6.0, 8.5.0, 8.4.0, 8.3.0, 8.2.1, 8.2.0, 8.1.2, 8.1.1, 8.1.0, 8.0.1, 8.0.0, 7.88.1, 7.88.0, 7.87.0, 7.86.0, 7.85.0, 7.84.0, 7.83.1, 7.83.0, 7.82.0, 7.81.0, 7.80.0, 7.79.1, 7.79.0, 7.78.0, 7.77.0, 7.76.0, 7.75.0, 7.74.0, 7.73.0, 7.72.0, 7.71.1, 7.71.0, 7.70.0, 7.69.1, 7.69.0, 7.68.0, 7.67.0, 7.66.0, 7.65.3, 7.65.2, 7.65.1, 7.65.0, 7.64.1, 7.64.0, 7.63.0, 7.62.0, 7.61.1, 7.61.0, 7.60.0, 7.59.0, 7.58.0, 7.57.0, 7.56.1, 7.56.0, 7.55.1, 7.55.0, 7.54.1, 7.54.0, 7.53.1, 7.53.0, 7.52.0, 7.51.0, 7.50.3, 7.50.2, 7.50.1, 7.50.0, 7.49.1, 7.49.0, 7.48.0, 7.47.1, 7.47.0, 7.46.0, 7.45.0, 7.44.0, 7.43.0, 7.42.1, 7.42.0, 7.41.0
9. Credits:
   - Hiroki Kurosawa (FINDER)
   - Daniel Stenberg (REMEDIATION DEVELOPER)
10. Vulnerability description: When curl is told to use the Certificate Status Request TLS extension (commonly called OCSP stapling) to verify the server certificate, it may wrongly treat some OCSP problems as valid, which results in a failure of certificate validation. If the returned status reports an error other than "revoked" (for example, "unauthorized"), it is not treated as an invalid certificate.