
CVE-2024-34447

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-34447

CGA ID

CGA-c2cg-6qfv-hcj9

Description

An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.

References

Affected packages

