GHSA-4h8f-2wvx-gg5w: Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.
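The distinction the advisory draws, a socket created with versus without an explicit hostname, can be seen in standard JSSE client code. The following is an added example, not code from the advisory or from the Bouncy Castle project. The class name, the timeout and the command-line arguments are assumptions, and the factory may come from any JSSE provider. It hands the caller's hostname to the TLS layer explicitly so that endpoint identification checks the certificate against that name. Upgrading to BC 1.78 remains the fix the advisory states.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class ExplicitHostTls {  // hypothetical class name

    // Connects over TCP, then layers TLS on top while passing the hostname
    // the caller typed, so the verifier has a name rather than only an
    // address taken from the connected socket.
    static SSLSocket connect(SSLSocketFactory factory, String host, int port)
            throws IOException {
        Socket raw = new Socket();
        try {
            raw.connect(new InetSocketAddress(host, port), 5_000); // assumed timeout
            SSLSocket tls = (SSLSocket) factory.createSocket(raw, host, port, true);

            // Plain SSLSocket does not verify hostnames unless asked to.
            SSLParameters params = tls.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            tls.setSSLParameters(params);

            tls.startHandshake(); // throws if the certificate does not match host
            return tls;
        } catch (IOException e) {
            raw.close();
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ExplicitHostTls <host> <port>");
            return;
        }
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
        try (SSLSocket s = connect(factory, args[0], Integer.parseInt(args[1]))) {
            System.out.println("Verified peer: " + s.getSession().getPeerPrincipal());
        }
    }
}
```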
Low severity • GitHub Reviewed • Published May 3, 2024 to the GitHub Advisory Database • Updated May 3, 2024
Package
- org.bouncycastle:bcprov-jdk12 (Maven)
- org.bouncycastle:bcprov-jdk13 (Maven)
- org.bouncycastle:bcprov-jdk14 (Maven)
- org.bouncycastle:bcprov-jdk15to18 (Maven)
- org.bouncycastle:bcprov-jdk18on (Maven)
Related news
Red Hat Security Advisory 2024-4326-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-4271-03 - Red Hat AMQ Broker 7.12.1 is now available from the Red Hat Customer Portal. Issues addressed include a denial of service vulnerability.