curl CVE-2024-8096 OCSP stapling bypass improper certificate validation

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability ID: CURL-CVE-2024-8096 2. Vulnerability Name: OCSP stapling bypass with GnuTLS 3. Modification Time: 2024-09-11T07:39:47.00Z 4. Database-specific Information: - Package Name: curl - URL: https://curl.se/docs/CVE-2024-8096.json - Website: https://curl.se/docs/CVE-2024-8096.html - Issue Report: https://hackerone.com/reports/2669852 - CWE: CWE-295, described as "Improper Certificate Validation" 5. Reward Information: - Amount: $2540 - Currency: USD 6. Affected Versions: - Last Affected Version: 8.9.1 - Severity: Medium 7. Release Time: 2024-09-11T08:00:00.00Z 8. Affected Version Range: - 8.9.1 - 8.9.0 - 8.8.0 - 8.7.1 - 8.7.0 - 8.6.0 - 8.5.0 - 8.4.0 - 8.3.0 - 8.2.1 - 8.2.0 - 8.1.2 - 8.1.1 - 8.1.0 - 8.0.1 - 8.0.0 - 7.88.1 - 7.88.0 - 7.87.0 - 7.86.0 - 7.85.0 - 7.84.0 - 7.83.1 - 7.83.0 - 7.82.0 - 7.81.0 - 7.80.0 - 7.79.1 - 7.79.0 - 7.78.0 - 7.77.0 - 7.76.0 - 7.75.0 - 7.74.0 - 7.73.0 - 7.72.0 - 7.71.1 - 7.71.0 - 7.70.0 - 7.69.1 - 7.69.0 - 7.68.0 - 7.67.0 - 7.66.0 - 7.65.3 - 7.65.2 - 7.65.1 - 7.65.0 - 7.64.1 - 7.64.0 - 7.63.0 - 7.62.0 - 7.61.1 - 7.61.0 - 7.60.0 - 7.59.0 - 7.58.0 - 7.57.0 - 7.56.1 - 7.56.0 - 7.55.1 - 7.55.0 - 7.54.1 - 7.54.0 - 7.53.1 - 7.53.0 - 7.52.0 - 7.51.0 - 7.50.3 - 7.50.2 - 7.50.1 - 7.50.0 - 7.49.1 - 7.49.0 - 7.48.0 - 7.47.1 - 7.47.0 - 7.46.0 - 7.45.0 - 7.44.0 - 7.43.0 - 7.42.1 - 7.42.0 - 7.41.0 9. Discoverer: - Hiroki Kurosawa (FINDER) - Daniel Stenberg (REMEDICATION DEVELOPER) 10. Vulnerability Description: When curl is instructed to use the Certificate Status Request TLS extension (commonly known as OCSP stapling) to validate the server's certificate, it may incorrectly treat certain OCSP issues as valid, leading to certificate validation failure. If the returned status report indicates an error that is not "revoked" (e.g., "unauthorized"), it is not considered an invalid certificate.

Goal Reached Thanks to every supporter — we hit 100%!

curl CVE-2024-8096 OCSP stapling bypass improper certificate validation