Vulnerability details: VCID-1ypr-54n1-27hn
Vulnerability ID VCID-1ypr-54n1-27hn
Aliases CVE-2024-8096
Summary When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports an error other than 'revoked' (for example 'unauthorized'), it is not treated as a bad certificate.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00202 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
epss 0.00332 https://api.first.org/data/v1/epss?cve=CVE-2024-8096
cvssv3.1 6.5 https://curl.se/docs/CVE-2024-8096.html
cvssv3.1 Medium https://curl.se/docs/CVE-2024-8096.html
ssvc Track https://curl.se/docs/CVE-2024-8096.html
cvssv3.1 6.5 https://curl.se/docs/CVE-2024-8096.json
ssvc Track https://curl.se/docs/CVE-2024-8096.json
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://hackerone.com/reports/2669852
ssvc Track https://hackerone.com/reports/2669852
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json
https://api.first.org/data/v1/epss?cve=CVE-2024-8096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html
https://security.netapp.com/advisory/ntap-20241011-0005/
http://www.openwall.com/lists/oss-security/2024/09/11/1
2310519 https://bugzilla.redhat.com/show_bug.cgi?id=2310519
2669852 https://hackerone.com/reports/2669852
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CVE-2024-8096 https://nvd.nist.gov/vuln/detail/CVE-2024-8096
CVE-2024-8096.html https://curl.se/docs/CVE-2024-8096.html
CVE-2024-8096.json https://curl.se/docs/CVE-2024-8096.json
USN-7012-1 https://usn.ubuntu.com/7012-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json
Metric Value
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) none
Scope (S) unchanged
Confidentiality Impact (C) low
Integrity Impact (I) low
Availability Impact (A) none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://curl.se/docs/CVE-2024-8096.html
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/ Found at https://curl.se/docs/CVE-2024-8096.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://curl.se/docs/CVE-2024-8096.json
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/ Found at https://curl.se/docs/CVE-2024-8096.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://hackerone.com/reports/2669852
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/ Found at https://hackerone.com/reports/2669852
Exploit Prediction Scoring System (EPSS)
Percentile 0.40937
EPSS Score 0.00187
Published At July 31, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:46:13.292011+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7012-1/ 37.0.0