CVE-2024-3884

State: PUBLISHED · Published: 2025-12-03 · Updated: 2026-04-01 · Assigner: redhat

Description

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.

CWE

CWE-20 — Improper Input Validation

Affected

Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 — v=0:1.4.18-19.SP17_redhat_00001.1.ep7.el7 <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 — v=0:7.1.14-4.GA_redhat_00003.1.ep7.el7 <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:2.0.41-7.SP8_redhat_00001.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 — v=0:7.3.17-5.GA_redhat_00006.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 —
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 — v=0:2.2.39-1.Final_redhat_00001.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 — v=0:7.4.24-4.GA_redhat_00002.1.el7eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 — v=0:2.2.39-1.Final_redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 — v=0:7.4.24-4.GA_redhat_00002.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 — v=0:2.2.39-1.Final_redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 — v=0:7.4.24-4.GA_redhat_00002.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 —
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 — v=0:1.83.0-1.redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 — v=0:33.0.0-2.jre_redhat_00003.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 — v=0:4.0.6-1.redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 — v=0:1.0.0-3.redhat_00009.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 — v=0:2.0.2-1.Final_redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 — v=0:2.3.23-1.SP3_redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 — v=0:1.83.0-1.redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 — v=0:33.0.0-2.jre_redhat_00003.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 — v=0:4.0.6-1.redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 — v=0:1.0.0-3.redhat_00009.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 — v=0:2.0.2-1.Final_redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 — v=0:2.3.23-1.SP3_redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 —
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 — v=0:4.0.10-1.redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 — v=0:1.82.0-1.redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 — v=0:801.3.0-1.GA_redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 — v=0:1.0.1-3.redhat_00003.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 — v=0:6.6.36-1.Final_redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 — v=0:4.0.2-1.Final_redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 — v=0:2.5.0-1.redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 — v=0:2.3.20-2.SP4_redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 — v=0:8.1.3-4.GA_redhat_00006.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 — v=0:5.0.12-1.Final_redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 — v=0:2.6.6-1.Final_redhat_00001.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 — v=0:8.1.1-4.GA_redhat_00007.1.el8eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 — v=0:4.0.10-1.redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 — v=0:1.82.0-1.redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 — v=0:801.3.0-1.GA_redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 — v=0:1.0.1-3.redhat_00003.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 — v=0:6.6.36-1.Final_redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 — v=0:4.0.2-1.Final_redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 — v=0:2.5.0-1.redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 — v=0:2.3.20-2.SP4_redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 — v=0:8.1.3-4.GA_redhat_00006.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 — v=0:5.0.12-1.Final_redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 — v=0:2.6.6-1.Final_redhat_00001.1.el9eap <* [unaffected]
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 — v=0:8.1.1-4.GA_redhat_00007.1.el9eap <* [unaffected]
Red Hat / OpenShift Serverless —
Red Hat / Red Hat build of Apache Camel 4 for Quarkus 3 —
Red Hat / Red Hat build of Apache Camel for Spring Boot 3 —
Red Hat / Red Hat build of Apache Camel for Spring Boot 4 —
Red Hat / Red Hat build of Apache Camel - HawtIO 4 —
Red Hat / Red Hat build of Apicurio Registry 2 —
Red Hat / Red Hat Build of Keycloak —
Red Hat / Red Hat build of OptaPlanner 8 —
Red Hat / Red Hat build of Quarkus —
Red Hat / Red Hat build of Quarkus —
Red Hat / Red Hat Data Grid 8 —
Red Hat / Red Hat Fuse 7 —
Red Hat / Red Hat Integration Camel K 1 —
Red Hat / Red Hat Integration Camel Quarkus 2 —
Red Hat / Red Hat JBoss Data Grid 7 —
Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack —
Red Hat / Red Hat JBoss Fuse Service Works 6 —
Red Hat / Red Hat Process Automation 7 —
Red Hat / Red Hat Single Sign-On 7 —
Red Hat / streams for Apache Kafka —

CVSS

3.1 score=7.5 severity=HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

https://access.redhat.com/errata/RHSA-2026:0383 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0384 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:0386 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3889 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3891 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3892 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4915 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4916 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4917 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4924 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6011 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6012 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-3884 vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2275287 issue-tracking, x_refsource_REDHAT

Source

cvelistV5-main/cves/2024/3xxx/CVE-2024-3884.json