Lucene search
Ubuntu.comUB:CVE-2024-34447HistoryMay 03, 2024 - 12:00 a.m.
CVE-2024-34447
2024-05-0300:00:00
ubuntu.com
ubuntu.com
21
bouncy castle java cryptography
endpoint identification
ssl socket
hostname verification
dns poisoning
cve-2024-34447
unix
An issue was discovered in Bouncy Castle Java Cryptography APIs before BC
1.78. When endpoint identification is enabled in the BCJSSE and an SSL
socket is created without an explicit hostname (as happens with
HttpsURLConnection), hostname verification could be performed against a
DNS-resolved IP address in some situations, opening up a possibility of DNS
poisoning.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | bouncycastle | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | bouncycastle | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | bouncycastle | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | bouncycastle | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | bouncycastle | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | bouncycastle | < any | UNKNOWN |
Related
nvd
nvd
CVE-2024-34447
2024-05-03 16:15:11
debiancve
debiancve
CVE-2024-34447
2024-05-03 16:15:11
osv
osv
CGA-wvcg-3cjq-8wjm
2024-06-19 07:36:47
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
2024-05-03 18:30:37
redhatcve
redhatcve
CVE-2024-34447
2024-05-06 04:10:06
veracode
veracode
DNS Poisoning
2024-05-06 06:27:58
cvelist
cvelist
CVE-2024-34447
2024-05-03 00:00:00
cgr
cgr
CVE-2024-34447 vulnerabilities
2024-05-19 03:07:16
vulnrichment
vulnrichment
CVE-2024-34447
2024-05-03 00:00:00
cve
cve
CVE-2024-34447
2024-05-03 16:15:11
github
github
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
2024-05-03 18:30:37
wolfi
wolfi
CVE-2024-34447 vulnerabilities
2024-06-28 21:08:33
nessus
nessus
ibm
ibm