PT-2024-6616 · Curl+6

Daniel Stenberg +1

Published 2024-09-11 · Updated 2026-05-18

CVE-2024-8096

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: curl versions prior to 8.10.0
Description: The issue is caused by improper validation of server certificates when the Certificate Status Request TLS extension, also known as OCSP stapling, is in use. If the stapled status reports an outcome other than 'revoked', such as 'unauthorized', curl does not treat the certificate as bad and the TLS connection proceeds. Because the certificate status check can be bypassed this way, the flaw could enable man-in-the-middle attacks.
Recommendations: For curl versions prior to 8.10.0, upgrade to version 8.10.0 or later to resolve the issue. Where the upgrade cannot be applied yet, consider disabling OCSP stapling as a temporary workaround. Restrict access to sensitive data and minimize the risk of exploitation by not using vulnerable curl versions for critical operations.
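To make the failure mode concrete, the following is an added example (not curl's own code) that models a stapled-OCSP status check in two forms: the pre-fix logic as the description characterises it, which rejects only an explicit 'revoked' verdict, and a fail-closed check that accepts only a successful response whose certificate status is exactly 'good'. The enum values follow RFC 6960; the struct, functions and response table are constructed for illustration.

```c
#include <stddef.h>

/* Constructed model of a stapled OCSP response (RFC 6960): the outer
 * responseStatus and the per-certificate CertStatus. Illustrative only,
 * not curl's own data structures. */
typedef enum {
  RESP_SUCCESSFUL = 0, RESP_MALFORMED = 1, RESP_INTERNAL_ERROR = 2,
  RESP_TRY_LATER = 3, RESP_SIG_REQUIRED = 5, RESP_UNAUTHORIZED = 6
} resp_status;

typedef enum { CERT_GOOD = 0, CERT_REVOKED = 1, CERT_UNKNOWN = 2 } cert_status;

struct stapled_ocsp { resp_status rs; cert_status cs; const char *label; };

/* Pre-8.10.0 logic as the advisory describes it: only an explicit
 * "revoked" verdict rejects the certificate; every other outcome passes. */
int accept_vulnerable(const struct stapled_ocsp *r)
{
  return r->cs != CERT_REVOKED;
}

/* Fail-closed logic: the responder must answer successfully AND the
 * certificate status must be exactly "good"; anything else fails. */
int accept_fixed(const struct stapled_ocsp *r)
{
  return r->rs == RESP_SUCCESSFUL && r->cs == CERT_GOOD;
}

/* Constructed responses a server could staple. A non-successful
 * responseStatus carries no real CertStatus, so those rows use "unknown". */
static const struct stapled_ocsp cases[] = {
  { RESP_SUCCESSFUL,   CERT_GOOD,    "successful/good" },
  { RESP_SUCCESSFUL,   CERT_REVOKED, "successful/revoked" },
  { RESP_SUCCESSFUL,   CERT_UNKNOWN, "successful/unknown" },
  { RESP_UNAUTHORIZED, CERT_UNKNOWN, "unauthorized" },
  { RESP_TRY_LATER,    CERT_UNKNOWN, "tryLater" },
};

/* Number of constructed responses the old check accepts but the
 * fail-closed check rejects, i.e. the size of the bypass window. */
int count_bypasses(void)
{
  int n = 0;
  for(size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
    if(accept_vulnerable(&cases[i]) && !accept_fixed(&cases[i]))
      n++;
  return n;
}
```

Of the five constructed responses, only 'successful/good' should pass; the old check additionally lets 'successful/unknown', 'unauthorized' and 'tryLater' through, which is the gap the fixed check closes.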

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

ALT-PU-2024-12466
ALT-PU-2024-14880
ALT-PU-2024-16747
ALT-PU-2025-1416
AZL-49035
AZL-49038
AZL-49041
AZL-49099
AZL-49132
BDU:2024-07774
CLEANSTART-2026-AY18527
CLEANSTART-2026-BW46578
CLEANSTART-2026-DI23929
CLEANSTART-2026-LQ42192
CLEANSTART-2026-OF85770
CVE-2024-8096
DLA-3951-1
JLSEC-2026-418
OPENSUSE-SU-2024:14333-1
OPENSUSE-SU-2024_3204-1
OPENSUSE-SU-2024_3211-1
SUSE-SU-2024:3202-1
SUSE-SU-2024:3203-1
SUSE-SU-2024:3204-1
SUSE-SU-2024:3211-1
SUSE-SU-2024_3203-1
SUSE-SU-2024_3204-1
SUSE-SU-2024_3211-1
SUSE-SU-2025:20239-1
USN-7012-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Red Os
Suse
Ubuntu
Curl