An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.
References
Configurations
No configuration.
History
17 Jun 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning. |
20 Mar 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-297 |
21 Nov 2024, 09:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447 - | |
References | () https://security.netapp.com/advisory/ntap-20240614-0007/ - | |
References | () https://www.bouncycastle.org/latest_releases.html - |
14 Jun 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 May 2024, 15:39
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
03 May 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-03 16:15
Updated : 2025-06-17 20:15
NVD link : CVE-2024-34447
Mitre link : CVE-2024-34447
CVE.ORG link : CVE-2024-34447
JSON object : View
Products Affected
No product.
CWE
CWE-297
Improper Validation of Certificate with Host Mismatch