Lucene search

7 matches found

Cvelist
added 2026/06/09 4:3 p.m. | 33 views

CVE-2026-35188 Double-free When Checking OCSP Stapled Response

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...

EPSS 0.00245
Exploits: 0 | References: 3
RedhatCVE
added 2026/06/05 7:50 p.m. | 8 views

CVE-2026-7009

A flaw was found in curl. When curl is configured to use the Certificate Status Request TLS (Transport Layer Security) extension, also known as OCSP (Online Certificate Status Protocol) stapling, it fails to properly detect issues with the OCSP response. This can lead curl to incorrectly validate a...

CVSS 5.3 | AI score 5.8 | EPSS 0.00267
Exploits: 1 | References: 7
OSV
added 2026/05/27 12:23 p.m. | 6 views

EEF-CVE-2026-42791 OCSP responder certificate validity period not checked in public_key

Summary: Improper Certificate Validation vulnerability in Erlang OTP public_key pubkey_ocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3 in...

CVSS 6.3 | AI score 5.9 | EPSS 0.00316
Exploits: 0 | References: 5
Debian CVE
added 2026/05/13 8:28 a.m. | 4 views

CVE-2026-7009

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly considers the response as fine...

CVSS 5.3 | AI score 5.8 | EPSS 0.00267
Exploits: 1
Tenable Nessus
added 2025/10/07 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2025-987459)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987459 advisory. When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might...

CVSS 6.5 | AI score 7.1 | EPSS 0.00729
Exploits: 1 | References: 4
Tenable Nessus
added 2025/08/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-8096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it...

CVSS 6.5 | AI score 7 | EPSS 0.00729
Exploits: 1 | References: 2
RedHat Linux
added 2017/06/28 8:20 p.m. | 6 views

openssl: OCSP Status Request extension unbounded memory growth

A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it...

CVSS 7.8 | AI score 7.2 | EPSS 0.63029
Exploits: 2 | References: 5