Vulnerability Monitor


CVE-2024-0853


curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.


Published: 2024-02-03T14:15:50.850

Last Modified: 2025-06-20T20:15:27.820

Status: Modified

Source: 2499f714-1537-4658-8207-48ae4bb9eae9

Severity: CVSSv3.1: 5.3 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-295

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Application | haxx | curl | 8.5.0 | Yes
