CVE-2024-34447

Published: May 3, 2024

Modified: Jun 17, 2025

PUBLISHED

Description

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.bouncycastle.org/latest_releases.html

https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447

https://security.netapp.com/advisory/ntap-20240614-0007/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-34447

Description

Affected Products

References