145 matches found

Hacker One
added 2024/08/19 5:31 p.m., 47 views

curl: CVE-2024-8096: OCSP stapling bypass with GnuTLS

CVE-2024-8096 was a vulnerability in GnuTLS where the OCSP stapling validation process could be bypassed, allowing the establishment of a connection even when the certificate was revoked. The issue was caused by a flaw in the gnutls_certificate_verify_peers2 function, which only returned an error wh...

CVSS 6.5, AI score 6.4, EPSS 0.00559
Exploits: 1

Tenable Nessus
added 2024/06/07 12:0 a.m., 27 views

OpenSSL 0.9.8h < 0.9.8r Vulnerability

The version of OpenSSL installed on the remote host is prior to 0.9.8r. It is, therefore, affected by a vulnerability as referenced in the 0.9.8r advisory. - ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and...

CVSS 5, AI score 7.5, EPSS 0.01196
Exploits: 0, References: 3

Tenable Nessus
added 2024/04/03 12:0 a.m., 40 views

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-581)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-581 advisory. A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname...

CVSS 5.3, AI score 6.2, EPSS 0.00187
Exploits: 1, References: 4

Amazon
added 2024/04/02 12:0 a.m., 2 views

Low: curl

Issue Overview: A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the...

CVSS 5.3, AI score 6.7, EPSS 0.00187
Exploits: 1

OSV
added 2024/02/03 2:15 p.m., 43 views

CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 6.7, EPSS 0.00187
Exploits: 1, References: 6

NVD
added 2024/02/03 2:15 p.m., 25 views

CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 5.5, EPSS 0.00187
Exploits: 1, References: 6

OSV
added 2024/02/03 2:15 p.m., 4 views

AZL-34648 CVE-2024-0853 affecting package curl for versions less than 8.8.0-1

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 6.4, EPSS 0.00187
Exploits: 1, References: 1

OSV
added 2024/02/03 2:15 p.m., 2 views

ALPINE-CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 6.9, EPSS 0.00187
Exploits: 1, References: 1

OSV
added 2024/02/03 2:15 p.m., 3 views

AZL-34061 CVE-2024-0853 affecting package curl for versions less than 8.8.0-1

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 6.6, EPSS 0.00187
Exploits: 1, References: 1

Debian CVE
added 2024/02/03 1:35 p.m., 47 views

CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 5.1, EPSS 0.00187
Exploits: 1

CVE
added 2024/02/03 1:35 p.m., 374 views

CVE-2024-0853

CVE-2024-0853 affects curl by retaining SSL session IDs in the cache after an OCSP stapling verify status test fails, allowing a subsequent transfer to bypass verification if the session cache is still fresh. Connected documents confirm this is a curl vulnerability affecting multiple platforms an...

CVSS 5.3, AI score 5.3, EPSS 0.00187
Exploits: 1, References: 6, Affected Software: 1

AlpineLinux
added 2024/02/03 1:35 p.m., 64 views

CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 7.2, EPSS 0.00187
Exploits: 1

Veracode
added 2024/02/03 3:55 a.m., 29 views

Improper Certificate Validation

curl is vulnerable to Improper Certificate Validation. The vulnerability is due to the retention of SSL session IDs in the cache, even when the OCSP stapling verification fails. This flaw allows subsequent connections to the same hostname to succeed without proper verification if the session ID...

CVSS 5.3, AI score 6.4, EPSS 0.00187
Exploits: 1, References: 7, Affected Software: 1

SUSE CVE
added 2024/02/02 3:45 a.m., 1 views

SUSE CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 3.8, AI score 8.4, EPSS 0.00187
Exploits: 1, References: 3

RedhatCVE
added 2024/01/31 11:49 p.m., 43 views

CVE-2024-0853

A flaw was found in Curl, where it inadvertently kept the SSL session ID for connections in its cache even when the verify status, OCSP stapling test, failed. A subsequent transfer to the same hostname could succeed if the session ID cache were still fresh, which then skips the verify status chec...

CVSS 3.8, AI score 7, EPSS 0.00187
Exploits: 1, References: 4

OSV
added 2024/01/31 8:0 a.m., 33 views

CURL-CVE-2024-0853 OCSP verification bypass with TLS session reuse

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 4.8, EPSS 0.00187
Exploits: 1

OSV
added 2024/01/31 12:0 a.m., 0 views

UBUNTU-CVE-2024-0853

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check...

CVSS 5.3, AI score 7.2, EPSS 0.00187
Exploits: 1, References: 3

F5 Networks
added 2023/02/21 6:49 p.m., 23 views

K73202036: Configuring SSL Forward Proxy and an OCSP stapling profile may allow a connection to a website with a revoked certificate

Security Advisory Description: When you have configured the BIG-IP system for SSL Forward Proxy and have also configured an Online Certificate Status Protocol (OCSP) stapling profile, under certain conditions, the client could connect to a website with a revoked certificate without knowing it, despi...

AI score 6.6
Exploits: 0

SUSE CVE
added 2023/02/15 5:55 a.m., 2 views

SUSE CVE-2011-0014

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access,...

CVSS 5, AI score 8.4, EPSS 0.01196
Exploits: 0, References: 6

Rockylinux
added 2022/08/09 9:33 a.m., 6 views

subscription-manager bug fix and enhancement update

An update is available for subscription-manager. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The subscription-manager packages provide programs and libraries...

AI score 1
Exploits: 0