curl inadvertently kept the SSL... CVE-2024-0853

- AV AC AU C I A
发布: 2024-02-03
修订: 2024-04-26

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有2条受影响产品信息