Lucene search
CurlCVELIST:CVE-2024-0853HistoryFeb 03, 2024 - 1:35 p.m.
CVE-2024-0853 OCSP verification bypass with TLS session reuse
2024-02-0313:35:25
curl
www.cve.org
2
cve-2024-0853; ocsp verification bypass; tls session reuse; ssl session id; connection cache; verify status.
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. A subsequent transfer to
the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.
CNA Affected
[
{
"vendor": "curl",
"product": "curl",
"versions": [
{
"version": "8.5.0",
"status": "affected",
"lessThanOrEqual": "8.5.0",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
redhatcve
redhatcve
CVE-2024-0853
2024-01-31 23:49:08
cgr
cgr
CVE-2024-0853 vulnerabilities
2024-05-19 03:07:16
osv
osv
CVE-2024-0853
2024-02-03 14:15:50
OCSP verification bypass with TLS session reuse
2024-01-31 08:00:00
aix
aix
freebsd
freebsd
curl -- OCSP verification bypass with TLS session reuse
2024-01-31 00:00:00
wolfi
wolfi
CVE-2024-0853 vulnerabilities
2024-07-06 03:08:40
nvd
nvd
CVE-2024-0853
2024-02-03 14:15:50
debiancve
debiancve
CVE-2024-0853
2024-02-03 14:15:50
hackerone
hackerone
curl: CVE-2024-0853: OCSP verification bypass with TLS session reuse
2023-12-29 02:22:16
ibm
ibm
veracode
veracode
Improper Certificate Validation
2024-02-03 03:55:20
ubuntucve
ubuntucve
CVE-2024-0853
2024-01-31 00:00:00
prion
prion
Design/Logic Flaw
2024-02-03 14:15:00
nessus
nessus
Curl 8.5.0 < 8.6.0 Security Bypass (CVE-2024-0853)
2024-02-02 00:00:00
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-581)
2024-04-03 00:00:00
cve
cve
CVE-2024-0853
2024-02-03 14:15:50
alpinelinux
alpinelinux
CVE-2024-0853
2024-02-03 14:15:50
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00