{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-34447", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T02:51:11.426Z", "dateReserved": "2024-05-03T00:00:00", "datePublished": "2024-05-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-14T13:06:15.072962"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.bouncycastle.org/latest_releases.html"}, {"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0007/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34447", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-16T18:10:40.780151Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:42:12.612Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:11.426Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.bouncycastle.org/latest_releases.html", "tags": ["x_transferred"]}, {"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0007/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.bouncycastle.org/latest_releases.html", "tags": ["x_transferred"]}, {"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0007/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:11.426Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34447", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-16T18:10:40.780151Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-16T18:11:02.087Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.bouncycastle.org/latest_releases.html"}, {"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447"}, {"url": "https://security.netapp.com/advisory/ntap-20240614-0007/"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-14T13:06:15.072962"}}}, "cveMetadata": {"cveId": "CVE-2024-34447", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:51:11.426Z", "dateReserved": "2024-05-03T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-05-03T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en las API de criptograf\u00eda Java de Bouncy Castle antes de BC 1.78. Cuando la identificaci\u00f3n de endpoint est\u00e1 habilitada en BCJSSE y se crea un socket SSL sin un nombre de host expl\u00edcito (como sucede con HttpsURLConnection), la verificaci\u00f3n del nombre de host podr\u00eda realizarse contra una direcci\u00f3n IP resuelta por DNS en algunas situaciones, lo que abre una posibilidad de envenenamiento de DNS."}], "id": "CVE-2024-34447", "lastModified": "2024-11-21T09:18:41.543", "metrics": {}, "published": "2024-05-03T16:15:11.460", "references": [{"source": "cve@mitre.org", "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20240614-0007/"}, {"source": "cve@mitre.org", "url": "https://www.bouncycastle.org/latest_releases.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240614-0007/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.bouncycastle.org/latest_releases.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:4271", "cpe": "cpe:/a:redhat:amq_broker:7.12", "package": "org.bouncycastle:bcprov-jdk18on", "product_name": "Red Hat AMQ Broker 7", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:4326", "cpe": "cpe:/a:redhat:quarkus:3.8::el8", "package": "org.bouncycastle/bcprov-jdk18on:1.78.1.redhat-00002", "product_name": "Red Hat build of Quarkus 3.8.5.redhat", "release_date": "2024-07-08T00:00:00Z"}], "bugzilla": {"description": "org.bouncycastle: Use of Incorrectly-Resolved Name or Reference", "id": "2279227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279227"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-706", "details": ["An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.", "A flaw was found in Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to a use of incorrectly-resolved name or reference issue when resolving domain names over an SSL socket that was created without an explicit hostname, such as in the HttpsURLConnection() function. If endpoint identification is enabled, this flow allows an attacker to trigger hostname verification against a DNS-resolved address."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-34447", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Will not fix", "package_name": "org.bouncycastle-bctls", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/elasticsearch6-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Affected", "package_name": "org.bouncycastle-bctls", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1", "fix_state": "Affected", "package_name": "org.bouncycastle-bctls", "product_name": "Migration Toolkit for Runtimes"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Out of support scope", "package_name": "org.bouncycastle-bctls", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "org.bouncycastle-bctls", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Affected", "package_name": "org.bouncycastle-bctls", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "org.bouncycastle-bctls", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "org.bouncycastle-bctls", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "package_name": "org.bouncycastle-bctls", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "org.bouncycastle-bctls", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "org.bouncycastle-bctls", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "org.bouncycastle-bctls", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}], "public_date": "2024-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-34447\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-34447"], "statement": "The vulnerability in Bouncy Castle Java Cryptography APIs, allowing for incorrect resolution of domain names during SSL/TLS connections without explicitly specifying a hostname, is assessed as moderate severity due to its potential impact on security. By exploiting this flaw, an attacker could manipulate DNS resolution to present a different server's certificate, leading to a mismatch between expected and verified hostnames. While this could facilitate a man-in-the-middle attack under specific conditions, its severity is moderated by the prerequisite of the attacker controlling DNS responses or intercepting network traffic.", "threat_severity": "Moderate", "upstream_fix": "BC 1.78"}