CVE-2024-34447

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447
https://security.netapp.com/advisory/ntap-20240614-0007/
https://www.bouncycastle.org/latest_releases.html
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447
https://security.netapp.com/advisory/ntap-20240614-0007/
https://www.bouncycastle.org/latest_releases.html

Configurations

No configuration.

History

17 Jun 2025, 20:15

Type	Values Removed	Values Added
Summary	(en) An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.	(en) An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.

20 Mar 2025, 20:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-297

21 Nov 2024, 09:18

Type	Values Removed	Values Added
References	~~() https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447 -~~	() https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447 -
References	~~() https://security.netapp.com/advisory/ntap-20240614-0007/ -~~	() https://security.netapp.com/advisory/ntap-20240614-0007/ -
References	~~() https://www.bouncycastle.org/latest_releases.html -~~	() https://www.bouncycastle.org/latest_releases.html -

14 Jun 2024, 13:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240614-0007/ -

14 May 2024, 15:39

Type	Values Removed	Values Added
References		() https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447 -
Summary		(es) Se descubrió un problema en las API de criptografía Java de Bouncy Castle antes de BC 1.78. Cuando la identificación de endpoint está habilitada en BCJSSE y se crea un socket SSL sin un nombre de host explícito (como sucede con HttpsURLConnection), la verificación del nombre de host podría realizarse contra una dirección IP resuelta por DNS en algunas situaciones, lo que abre una posibilidad de envenenamiento de DNS.

03 May 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-03 16:15

Updated : 2025-06-17 20:15

NVD link : CVE-2024-34447

Mitre link : CVE-2024-34447

CVE.ORG link : CVE-2024-34447

JSON object : View

Products Affected

No product.

CWE

CWE-297

Improper Validation of Certificate with Host Mismatch

{"id": "CVE-2024-34447", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-05-03T16:15:11.460", "references": [{"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447", "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0007/", "source": "cve@mitre.org"}, {"url": "https://www.bouncycastle.org/latest_releases.html", "source": "cve@mitre.org"}, {"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0007/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.bouncycastle.org/latest_releases.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-297"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en las API de criptograf\u00eda Java de Bouncy Castle antes de BC 1.78. Cuando la identificaci\u00f3n de endpoint est\u00e1 habilitada en BCJSSE y se crea un socket SSL sin un nombre de host expl\u00edcito (como sucede con HttpsURLConnection), la verificaci\u00f3n del nombre de host podr\u00eda realizarse contra una direcci\u00f3n IP resuelta por DNS en algunas situaciones, lo que abre una posibilidad de envenenamiento de DNS."}], "lastModified": "2025-06-17T20:15:30.413", "sourceIdentifier": "cve@mitre.org"}

7.5 /10