SB2024013108 - OCSP verification bypass with TLS session reuse in cURL




Published: January 31, 2024

Security Bulletin ID SB2024013108
Severity Low
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper check for certificate revocation (CVE-ID: CVE-2024-0853)

The vulnerability allows a remote attacker to bypass OCSP verification.

The vulnerability exists because curl inadvertently keeps the SSL session ID for a connection in its cache even when the verify status (OCSP stapling) test has failed. A subsequent transfer to the same hostname will be successful if the session ID cache is still fresh, which leads to the verify status check being skipped. As a result, OCSP verification is always successful for all subsequent TLS sessions.
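
The cache behaviour described above, as an added C model that is not curl's source code: the struct, the function names, the host name and the `evict_on_failure` switch are all hypothetical. It assumes, as the bulletin states, that a transfer reusing a cached session performs no verify status check.

```c
/* Toy model of a TLS client session cache; not curl source. All names hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 4
struct session_cache { char host[SLOTS][64]; bool used[SLOTS]; };

static int cache_find(const struct session_cache *c, const char *host) {
    for (int i = 0; i < SLOTS; i++)
        if (c->used[i] && strcmp(c->host[i], host) == 0) return i;
    return -1;
}

static void cache_store(struct session_cache *c, const char *host) {
    for (int i = 0; i < SLOTS; i++)
        if (!c->used[i]) {
            snprintf(c->host[i], sizeof c->host[i], "%s", host);
            c->used[i] = true;
            return;
        }
}

/* One transfer with the verify status option on. staple_ok models whether the
   OCSP staple seen in a full handshake passes. Returns true if it proceeds. */
static bool transfer(struct session_cache *c, const char *host,
                     bool staple_ok, bool evict_on_failure) {
    int hit = cache_find(c, host);
    if (hit >= 0) return true;   /* resumed session: status check is skipped */
    cache_store(c, host);        /* full handshake: session is cached first */
    if (staple_ok) return true;
    hit = cache_find(c, host);
    if (evict_on_failure && hit >= 0) c->used[hit] = false; /* hardened path */
    return false;                /* the failing transfer itself is rejected */
}

/* Two transfers to one host whose staple fails (constructed host name).
   Returns true when the first is rejected but the second goes through. */
static bool second_transfer_allowed(bool evict_on_failure) {
    struct session_cache c = {0};
    bool first = transfer(&c, "example.test", false, evict_on_failure);
    bool second = transfer(&c, "example.test", false, evict_on_failure);
    return !first && second;
}

int main(void) {
    printf("keep session on failure: second allowed = %d\n", second_transfer_allowed(false));
    printf("evict session on failure: second allowed = %d\n", second_transfer_allowed(true));
    return 0;
}
```

In the model, leaving the session in the cache after a failed check lets the second transfer through, while dropping it forces a full handshake and a fresh check.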


Remediation

Install the update from the vendor's website.