Assigner | microsoft |
Reserved | 2023-11-28 |
Published | 2024-01-09 |
Updated | 2024-07-19 |
Description
Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability
MEDIUM: 6.6 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Problem types
CWE-416: Use After Free
Product status
10.0.0 before 10.0.17763.5329
affected
10.0.0 before 10.0.17763.5329
affected
10.0.0 before 10.0.20348.2227
affected
10.0.0 before 10.0.25398.643
affected
10.0.0 before 10.0.14393.6614
affected
10.0.0 before 10.0.14393.6614
affected
6.0.0 before 6.0.6003.22464
affected
6.0.0 before 6.0.6003.22464
affected
6.0.0 before 6.0.6003.22464
affected
6.1.0 before 6.1.7601.26910
affected
6.0.0 before 6.1.7601.26910
affected
6.2.0 before 6.2.9200.24664
affected
6.2.0 before 6.2.9200.24664
affected
6.3.0 before 6.3.9600.21765
affected
6.3.0 before 6.3.9600.21765
affected
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20655 (Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability) vendor-advisory
cve.org CVE-2024-20655
nvd.nist.gov CVE-2024-20655
Download JSON