CVE-2024-34447

An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447
https://security.netapp.com/advisory/ntap-20240614-0007/
https://www.bouncycastle.org/latest_releases.html
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447
https://security.netapp.com/advisory/ntap-20240614-0007/
https://www.bouncycastle.org/latest_releases.html

Configurations

No configuration.

History

20 Mar 2025, 20:15

Type	Values Removed	Values Added
CWE		CWE-297
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

Information

Published : 2024-05-03 16:15

Updated : 2025-03-20 20:15

NVD link : CVE-2024-34447

Mitre link : CVE-2024-34447

CVE.ORG link : CVE-2024-34447

JSON object : View

Products Affected

No product.

CWE

CWE-297

Improper Validation of Certificate with Host Mismatch

{"id": "CVE-2024-34447", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-05-03T16:15:11.460", "references": [{"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447", "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0007/", "source": "cve@mitre.org"}, {"url": "https://www.bouncycastle.org/latest_releases.html", "source": "cve@mitre.org"}, {"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0007/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.bouncycastle.org/latest_releases.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-297"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en las API de criptograf\u00eda Java de Bouncy Castle antes de BC 1.78. Cuando la identificaci\u00f3n de endpoint est\u00e1 habilitada en BCJSSE y se crea un socket SSL sin un nombre de host expl\u00edcito (como sucede con HttpsURLConnection), la verificaci\u00f3n del nombre de host podr\u00eda realizarse contra una direcci\u00f3n IP resuelta por DNS en algunas situaciones, lo que abre una posibilidad de envenenamiento de DNS."}], "lastModified": "2025-03-20T20:15:32.217", "sourceIdentifier": "cve@mitre.org"}