curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
The product does not validate, or incorrectly validates, a certificate.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libcurl | Haxx | 7.41.0 (including) | 7.74.0 (excluding) |
Red Hat Enterprise Linux 8 | RedHat | curl-0:7.61.1-18.el8 | * |
Curl | Ubuntu | bionic | * |
Curl | Ubuntu | devel | * |
Curl | Ubuntu | focal | * |
Curl | Ubuntu | groovy | * |
Curl | Ubuntu | trusty | * |
Curl | Ubuntu | upstream | * |
Curl | Ubuntu | xenial | * |