Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-34447HistoryMay 03, 2024 - 4:15 p.m.
CVE-2024-34447
2024-05-0316:15:11
Debian Security Bug Tracker
security-tracker.debian.org
16
bouncy castle
java cryptography
dns poisoning
ssl sockets
dns verification
ssl endpoint
An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | bouncycastle | <= 1.72-2 | bouncycastle_1.72-2_all.deb |
| Debian | 11 | all | bouncycastle | <= 1.68-2 | bouncycastle_1.68-2_all.deb |
| Debian | 999 | all | bouncycastle | <= 1.77-1 | bouncycastle_1.77-1_all.deb |
| Debian | 13 | all | bouncycastle | <= 1.77-1 | bouncycastle_1.77-1_all.deb |
Related
veracode
veracode
DNS Poisoning
2024-05-06 06:27:58
osv
osv
CVE-2024-34447
2024-05-03 16:15:00
CGA-j6q8-vx5q-hw34
2024-06-06 12:28:03
CGA-7xqh-m7hm-wmh3
2024-06-06 12:25:05
cvelist
cvelist
CVE-2024-34447
2024-05-03 00:00:00
cgr
cgr
CVE-2024-34447 vulnerabilities
2024-05-19 03:07:16
nvd
nvd
CVE-2024-34447
2024-05-03 16:15:11
vulnrichment
vulnrichment
CVE-2024-34447
2024-05-03 00:00:00
ubuntucve
ubuntucve
CVE-2024-34447
2024-05-03 00:00:00
redhatcve
redhatcve
CVE-2024-34447
2024-05-06 04:10:06
ibm
ibm
github
github
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
2024-05-03 18:30:37
wolfi
wolfi
CVE-2024-34447 vulnerabilities
2024-09-28 21:12:41
cve
cve
CVE-2024-34447
2024-05-03 16:15:11
nessus
nessus
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00