CVE Vulnerabilities

CVE-2020-8286

This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.

This page will reflect the classification results once they are available through NVD.

Any vendor information available is shown as below.

Redhat

CVE-2020-8286 curl: Inferior OCSP verification

Affected Software List

NameVendorVersion
JBoss Core Services for RHEL 8RedHat
JBoss Core Services on RHEL 7RedHat
Red Hat Enterprise Linux 8RedHatcurl-0:7.61.1-18.el8
Red Hat JBoss Core Services 1RedHat

Ubuntu

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

Affected Software List

NameVendorVersion
CurlUbuntu/bionic7.58.0-2ubuntu3.12
CurlUbuntu/devel7.74.0-1ubuntu1
CurlUbuntu/trustyout of standard support
CurlUbuntu/xenial7.47.0-1ubuntu2.18
CurlUbuntu/esm-infra/xenial7.47.0-1ubuntu2.18
CurlUbuntu/focal7.68.0-1ubuntu2.4
CurlUbuntu/groovy7.68.0-1ubuntu4.2
CurlUbuntu/upstream7.74.0