CVE-2024-3884
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-03

Last updated on: 2026-03-30

Assigner: Red Hat, Inc.

Description
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-03
Last Modified
2026-03-30
Generated
2026-06-16
AI Q&A
2025-12-03
EPSS Evaluated
2026-06-15
NVD
CVE-2024-3884
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
redhat undertow *
redhat jboss_enterprise_application_platform 8.0.11
redhat jboss_enterprise_application_platform 8.0.7
eclipse jgit 6.10.1.202505221210-r
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a flaw in Undertow's FormEncodedDataDefinition.doParse method that occurs when parsing large form data encoded with application/x-www-form-urlencoded. It causes an OutOfMemory issue, allowing unauthorized remote attackers to trigger a denial of service (DoS) by exhausting server memory.

Impact Analysis

The vulnerability can impact you by allowing unauthorized remote attackers to cause a denial of service (DoS) on your server, making it unavailable or unresponsive due to memory exhaustion.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-3884. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart