JLSEC-2026-418 When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP...

🗓️ 04 May 2026 13:12:06Reported by GoogleType

osv🔗 osv.dev👁 1 Views

Curl may miss some certificate status problems when using the Certificate Status Request extension for OCSP stapling, misclassifying non revoked responses.

Reporter	Title	Published	Views	Family All 118
AlpineLinux	CVE-2024-8096	11 Sep 202410:03	–	alpinelinux
AstraLinux	Astra Linux - уязвимость в curl	3 May 202623:59	–	astralinux
Tenable Nessus	Azure Linux 3.0 Security Update: cmake / curl / mysql (CVE-2024-8096)	10 Feb 202500:00	–	nessus
Tenable Nessus	Curl 7.41.0 < 8.10.0 Security Bypass (CVE-2024-8096)	13 Sep 202400:00	–	nessus
Tenable Nessus	Debian dla-3951 : curl - security update	14 Nov 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-2809)	8 Nov 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-2825)	8 Nov 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : curl (EulerOS-SA-2024-2882)	8 Nov 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : curl (EulerOS-SA-2024-2901)	8 Nov 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : curl (EulerOS-SA-2024-2933)	12 Dec 202400:00	–	nessus

Source	Link
openwall	www.openwall.com/lists/oss-security/2024/09/11/1
curl	www.curl.se/docs/CVE-2024-8096.html
curl	www.curl.se/docs/CVE-2024-8096.json
github	www.github.com/advisories/GHSA-gv3v-x3f3-7fxm
hackerone	www.hackerone.com/reports/2669852
lists	www.lists.debian.org/debian-lts-announce/2024/11/msg00008.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-8096
security	www.security.netapp.com/advisory/ntap-20241011-0005
security	www.security.netapp.com/advisory/ntap-20241011-0005/

04 May 2026 13:32Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.16.5

EPSS0.00559