CVE-2024-0853
- Reference to the description:
- Description:
- curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.
- Last updated date:
- 05/03/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 02/13/2024
- Reference url to background