AZL-34648 CVE-2024-0853 affecting package curl for versions less than 8.8.0-1

🗓️ 03 Feb 2024 14:15:50Reported by GoogleType

osv🔗 osv.dev👁 2 Views

CVE-2024-0853 affects curl below 8.8.0-1; SSL session IDs cached after OCSP stapling failure, enabling bypass on reconnect.

Reporter	Title	Published	Views	Family All 68
FreeBSD	curl -- OCSP verification bypass with TLS session reuse	31 Jan 202400:00	–	freebsd
IBM Security Bulletins	Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)	20 Jun 202422:03	–	ibm
IBM Security Bulletins	Security Bulletin: PowerSC is vulnerable to security restrictions bypass due to Curl (CVE-2023-46218, CVE-2023-46219, CVE-2024-0853)	20 Mar 202418:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Real Time Action and Base Module affected by multiple vulnerabilities (CVE-2023-46219, CVE-2023-46218, CVE-2023-52071, CVE-2024-0853)	15 Apr 202502:30	–	ibm
Tenable Nessus	Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-581)	3 Apr 202400:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: curl (CVE-2024-0853)	10 Feb 202500:00	–	nessus
Tenable Nessus	Curl 8.5.0 < 8.6.0 Security Bypass (CVE-2024-0853)	2 Feb 202400:00	–	nessus
Tenable Nessus	FreeBSD : curl -- OCSP verification bypass with TLS session reuse (02e33cd1-c655-11ee-8613-08002784c58d)	28 Feb 202400:00	–	nessus
Tenable Nessus	GLSA-202409-20 : curl: Multiple Vulnerabilities	23 Sep 202400:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: curl (CVE-2024-0853)	6 Aug 202400:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-0853

21 Apr 2026 04:27Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.15.3

EPSS0.00187