VYPR
Unrated severity · NVD Advisory · Published Sep 11, 2024 · Updated Nov 14, 2024

OCSP stapling bypass with GnuTLS

CVE-2024-8096

Description

curl fails to detect non-revoked OCSP stapling errors when using GnuTLS, wrongly accepting unauthorized responses as valid.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

When curl is built with the GnuTLS library and configured to use the Certificate Status Request (OCSP stapling) extension, it incorrectly treats any OCSP response that does not report 'revoked' as a valid certificate [1]. This means that other error statuses, such as 'unauthorized', are not considered bad, which bypasses OCSP validation. The bug was introduced in curl 7.41.0 and affects all versions up to and including 8.9.1 [1].
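As an added illustration (not curl's or GnuTLS's code), the following C models the check the advisory describes: a vulnerable version that rejects only 'revoked' beside a hardened one that accepts only a successful response whose status is 'good'. The enums follow RFC 6960's OCSPResponseStatus and CertStatus values; the struct, function names and sample responses are constructed, and failing closed on 'unknown' is this example's choice, not something the advisory states.

```c
#include <stdbool.h>
#include <stdio.h>

/* OCSPResponseStatus (RFC 6960, 4.2.1); value 4 is unassigned there. */
typedef enum {
    OCSP_RESP_SUCCESSFUL = 0, OCSP_RESP_MALFORMED_REQUEST = 1,
    OCSP_RESP_INTERNAL_ERROR = 2, OCSP_RESP_TRY_LATER = 3,
    OCSP_RESP_SIG_REQUIRED = 5, OCSP_RESP_UNAUTHORIZED = 6
} ocsp_resp_status;

/* CertStatus carried inside a successful response (RFC 6960, 4.2.1). */
typedef enum { OCSP_CERT_GOOD = 0, OCSP_CERT_REVOKED = 1, OCSP_CERT_UNKNOWN = 2 } ocsp_cert_status;

/* Constructed view of a parsed stapled response; cert only matters when resp is successful. */
struct stapled_ocsp { ocsp_resp_status resp; ocsp_cert_status cert; };

/* Vulnerable logic as the advisory describes it: only 'revoked' is rejected,
 * so an error response such as 'unauthorized' is accepted as valid. */
bool ocsp_accept_vulnerable(const struct stapled_ocsp *r)
{
    return !(r->resp == OCSP_RESP_SUCCESSFUL && r->cert == OCSP_CERT_REVOKED);
}

/* Hardened logic: accept only a successful response that says 'good';
 * every error status, and 'unknown', fails closed. */
bool ocsp_accept_fixed(const struct stapled_ocsp *r)
{
    return r->resp == OCSP_RESP_SUCCESSFUL && r->cert == OCSP_CERT_GOOD;
}

/* Runs both checks over constructed responses and returns how many the
 * vulnerable check accepts but the hardened check rejects. */
int ocsp_count_bypasses(void)
{
    const struct stapled_ocsp cases[] = {
        { OCSP_RESP_SUCCESSFUL,   OCSP_CERT_GOOD },    /* legitimate: both accept */
        { OCSP_RESP_SUCCESSFUL,   OCSP_CERT_REVOKED }, /* both reject */
        { OCSP_RESP_SUCCESSFUL,   OCSP_CERT_UNKNOWN }, /* bypass */
        { OCSP_RESP_UNAUTHORIZED, OCSP_CERT_GOOD },    /* the advisory's example */
        { OCSP_RESP_TRY_LATER,    OCSP_CERT_GOOD },    /* bypass */
    };
    int bypasses = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        bool v = ocsp_accept_vulnerable(&cases[i]), f = ocsp_accept_fixed(&cases[i]);
        printf("resp=%d cert=%d vulnerable=%s fixed=%s\n", (int)cases[i].resp,
               (int)cases[i].cert, v ? "accept" : "reject", f ? "accept" : "reject");
        if (v && !f) bypasses++;
    }
    return bypasses;
}
```

Running the table shows three of the five constructed responses passing only the vulnerable check, including the 'unauthorized' case from the advisory.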

Exploitation

An attacker needs to control a TLS server that returns a crafted OCSP stapling response with a status other than 'revoked' (e.g., 'unauthorized'). The victim must use a curl version built with GnuTLS (not the most common TLS backend) and enable OCSP stapling, which is not widely used on the open web [1]. No additional authentication or user interaction beyond initiating a TLS connection is required. The attacker must also serve a valid certificate chain (the OCSP error does not invalidate the certificate itself) [1].

Impact

A successful bypass allows the attacker to present a certificate whose revocation status is ambiguous or denied, while curl incorrectly considers it valid. This undermines the revocation verification that OCSP stapling is intended to provide, potentially enabling a man-in-the-middle attack or a connection to a compromised server that would otherwise be rejected. The impact is limited by the requirement that the client use the GnuTLS backend and have OCSP stapling enabled [1].

Mitigation

Fixed in curl version 8.10.0, released on September 11, 2024 [1]. Users are advised to upgrade to 8.10.0 or apply the provided patch [1]. As a workaround, build curl with an unaffected TLS backend (e.g., OpenSSL, NSS, or others) [1]. The affected versions (7.41.0 through 8.9.1) are not EOL, but the patch is available. This CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 31

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

No source-code context for this CVE — mechanics are only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 3

News mentions: 0 (no linked articles in our index yet)