UBUNTU-CVE-2024-8096
- Source
- https://ubuntu.com/security/CVE-2024-8096
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-8096.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-8096
- Related
- Published
- 2024-09-11T00:00:00Z
- Modified
- 2025-04-23T15:06:32Z
- Summary
- [none]
- Details
-
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.35.0-1ubuntu2.20+esm18?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.32.0-1ubuntu1
7.33.0-1ubuntu1
7.34.0-1ubuntu1
7.35.0-1ubuntu1
7.35.0-1ubuntu2
7.35.0-1ubuntu2.1
7.35.0-1ubuntu2.2
7.35.0-1ubuntu2.3
7.35.0-1ubuntu2.5
7.35.0-1ubuntu2.6
7.35.0-1ubuntu2.7
7.35.0-1ubuntu2.8
7.35.0-1ubuntu2.9
7.35.0-1ubuntu2.10
7.35.0-1ubuntu2.11
7.35.0-1ubuntu2.12
7.35.0-1ubuntu2.13
7.35.0-1ubuntu2.14
7.35.0-1ubuntu2.15
7.35.0-1ubuntu2.16
7.35.0-1ubuntu2.17
7.35.0-1ubuntu2.19
7.35.0-1ubuntu2.20
7.35.0-1ubuntu2.20+esm3
7.35.0-1ubuntu2.20+esm4
7.35.0-1ubuntu2.20+esm5
7.35.0-1ubuntu2.20+esm6
7.35.0-1ubuntu2.20+esm7
7.35.0-1ubuntu2.20+esm8
7.35.0-1ubuntu2.20+esm9
7.35.0-1ubuntu2.20+esm10
7.35.0-1ubuntu2.20+esm11
7.35.0-1ubuntu2.20+esm12
7.35.0-1ubuntu2.20+esm13
7.35.0-1ubuntu2.20+esm14
7.35.0-1ubuntu2.20+esm15
7.35.0-1ubuntu2.20+esm16
7.35.0-1ubuntu2.20+esm17
7.35.0-1ubuntu2.20+esm18
Ubuntu:Pro:16.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.47.0-1ubuntu2.19+esm13?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14
7.47.0-1ubuntu2.15
7.47.0-1ubuntu2.16
7.47.0-1ubuntu2.18
7.47.0-1ubuntu2.19
7.47.0-1ubuntu2.19+esm1
7.47.0-1ubuntu2.19+esm2
7.47.0-1ubuntu2.19+esm3
7.47.0-1ubuntu2.19+esm4
7.47.0-1ubuntu2.19+esm5
7.47.0-1ubuntu2.19+esm6
7.47.0-1ubuntu2.19+esm7
7.47.0-1ubuntu2.19+esm8
7.47.0-1ubuntu2.19+esm9
7.47.0-1ubuntu2.19+esm10
7.47.0-1ubuntu2.19+esm11
7.47.0-1ubuntu2.19+esm12
7.47.0-1ubuntu2.19+esm13
Ubuntu:Pro:18.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.58.0-2ubuntu3.24+esm5?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8
7.58.0-2ubuntu3.9
7.58.0-2ubuntu3.10
7.58.0-2ubuntu3.12
7.58.0-2ubuntu3.13
7.58.0-2ubuntu3.14
7.58.0-2ubuntu3.15
7.58.0-2ubuntu3.16
7.58.0-2ubuntu3.17
7.58.0-2ubuntu3.18
7.58.0-2ubuntu3.19
7.58.0-2ubuntu3.20
7.58.0-2ubuntu3.21
7.58.0-2ubuntu3.22
7.58.0-2ubuntu3.23
7.58.0-2ubuntu3.24
7.58.0-2ubuntu3.24+esm1
7.58.0-2ubuntu3.24+esm2
7.58.0-2ubuntu3.24+esm3
7.58.0-2ubuntu3.24+esm4
7.58.0-2ubuntu3.24+esm5
Ubuntu:20.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.68.0-1ubuntu2.24?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.68.0-1ubuntu2.24
Affected versions
7.*
7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2
7.68.0-1ubuntu2.1
7.68.0-1ubuntu2.2
7.68.0-1ubuntu2.4
7.68.0-1ubuntu2.5
7.68.0-1ubuntu2.6
7.68.0-1ubuntu2.7
7.68.0-1ubuntu2.10
7.68.0-1ubuntu2.11
7.68.0-1ubuntu2.12
7.68.0-1ubuntu2.13
7.68.0-1ubuntu2.14
7.68.0-1ubuntu2.15
7.68.0-1ubuntu2.16
7.68.0-1ubuntu2.18
7.68.0-1ubuntu2.19
7.68.0-1ubuntu2.20
7.68.0-1ubuntu2.21
7.68.0-1ubuntu2.22
7.68.0-1ubuntu2.23
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "7.68.0-1ubuntu2.24",
"binary_name": "curl"
},
{
"binary_version": "7.68.0-1ubuntu2.24",
"binary_name": "curl-dbgsym"
},
{
"binary_version": "7.68.0-1ubuntu2.24",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.68.0-1ubuntu2.24",
"binary_name": "libcurl3-gnutls-dbgsym"
},
{
"binary_version": "7.68.0-1ubuntu2.24",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.68.0-1ubuntu2.24",
"binary_name": "libcurl3-nss-dbgsym"
},
{
"binary_version": "7.68.0-1ubuntu2.24",
"binary_name": "libcurl4"
},
{
"binary_version": "7.68.0-1ubuntu2.24",
"binary_name": "libcurl4-dbgsym"
},
{
"binary_version": "7.68.0-1ubuntu2.24",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "7.68.0-1ubuntu2.24",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "7.68.0-1ubuntu2.24",
"binary_name": "libcurl4-nss-dev"
},
{
"binary_version": "7.68.0-1ubuntu2.24",
"binary_name": "libcurl4-openssl-dev"
}
]
}
Ubuntu:22.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.18?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.81.0-1ubuntu1.18
Affected versions
7.*
7.74.0-1.3ubuntu2
7.74.0-1.3ubuntu3
7.80.0-3
7.81.0-1
7.81.0-1ubuntu1.1
7.81.0-1ubuntu1.2
7.81.0-1ubuntu1.3
7.81.0-1ubuntu1.4
7.81.0-1ubuntu1.6
7.81.0-1ubuntu1.7
7.81.0-1ubuntu1.8
7.81.0-1ubuntu1.10
7.81.0-1ubuntu1.11
7.81.0-1ubuntu1.13
7.81.0-1ubuntu1.14
7.81.0-1ubuntu1.15
7.81.0-1ubuntu1.16
7.81.0-1ubuntu1.17
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "7.81.0-1ubuntu1.18",
"binary_name": "curl"
},
{
"binary_version": "7.81.0-1ubuntu1.18",
"binary_name": "curl-dbgsym"
},
{
"binary_version": "7.81.0-1ubuntu1.18",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.81.0-1ubuntu1.18",
"binary_name": "libcurl3-gnutls-dbgsym"
},
{
"binary_version": "7.81.0-1ubuntu1.18",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.81.0-1ubuntu1.18",
"binary_name": "libcurl3-nss-dbgsym"
},
{
"binary_version": "7.81.0-1ubuntu1.18",
"binary_name": "libcurl4"
},
{
"binary_version": "7.81.0-1ubuntu1.18",
"binary_name": "libcurl4-dbgsym"
},
{
"binary_version": "7.81.0-1ubuntu1.18",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "7.81.0-1ubuntu1.18",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "7.81.0-1ubuntu1.18",
"binary_name": "libcurl4-nss-dev"
},
{
"binary_version": "7.81.0-1ubuntu1.18",
"binary_name": "libcurl4-openssl-dev"
}
]
}
Ubuntu:24.10 / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@8.9.1-2ubuntu2?arch=source&distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.9.1-2ubuntu2
Affected versions
8.*
8.5.0-2ubuntu10
8.5.0-2ubuntu10.1
8.8.0-1ubuntu1
8.8.0-3ubuntu3
8.9.1-2ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "curl"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "curl-dbgsym"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl3t64-gnutls-dbgsym"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl4-openssl-dev"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl4t64"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl4t64-dbgsym"
}
]
}
Ubuntu:24.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.4?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.5.0-2ubuntu10.4
Affected versions
8.*
8.2.1-1ubuntu3
8.2.1-1ubuntu3.1
8.4.0-2ubuntu1
8.5.0-2ubuntu1
8.5.0-2ubuntu2
8.5.0-2ubuntu8
8.5.0-2ubuntu9
8.5.0-2ubuntu10
8.5.0-2ubuntu10.1
8.5.0-2ubuntu10.2
8.5.0-2ubuntu10.3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "8.5.0-2ubuntu10.4",
"binary_name": "curl"
},
{
"binary_version": "8.5.0-2ubuntu10.4",
"binary_name": "curl-dbgsym"
},
{
"binary_version": "8.5.0-2ubuntu10.4",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.5.0-2ubuntu10.4",
"binary_name": "libcurl3t64-gnutls-dbgsym"
},
{
"binary_version": "8.5.0-2ubuntu10.4",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "8.5.0-2ubuntu10.4",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "8.5.0-2ubuntu10.4",
"binary_name": "libcurl4-openssl-dev"
},
{
"binary_version": "8.5.0-2ubuntu10.4",
"binary_name": "libcurl4t64"
},
{
"binary_version": "8.5.0-2ubuntu10.4",
"binary_name": "libcurl4t64-dbgsym"
}
]
}
Ubuntu:25.04 / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@8.9.1-2ubuntu2?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.9.1-2ubuntu2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "curl"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "curl-dbgsym"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl3t64-gnutls-dbgsym"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl4-openssl-dev"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl4t64"
},
{
"binary_version": "8.9.1-2ubuntu2",
"binary_name": "libcurl4t64-dbgsym"
}
]
}