CVE-2024-3884

Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded

Description

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.

INFO

Published Date :

2025-12-03T18:40:25.606Z

Last Modified :

2026-04-01T13:32:57.051Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2024-3884 vulnerability.

Vendors	Products
Redhat	Amq Streams Apache Camel Hawtio Build Keycloak Camel Quarkus Camel Spring Boot Integration Jboss Data Grid Jboss Enterprise Application Platform Jboss Enterprise Application Platform Els Jboss Enterprise Application Platform Eus Jboss Enterprise Bpms Platform Jboss Fuse Jboss Fuse Service Works Jbosseapxp Optaplanner Quarkus Red Hat Single Sign On Serverless Service Registry

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3884.

URL	Resource
https://access.redhat.com/errata/RHSA-2026:0383
https://access.redhat.com/errata/RHSA-2026:0384
https://access.redhat.com/errata/RHSA-2026:0386
https://access.redhat.com/errata/RHSA-2026:3889
https://access.redhat.com/errata/RHSA-2026:3891
https://access.redhat.com/errata/RHSA-2026:3892
https://access.redhat.com/errata/RHSA-2026:4915
https://access.redhat.com/errata/RHSA-2026:4916
https://access.redhat.com/errata/RHSA-2026:4917
https://access.redhat.com/errata/RHSA-2026:4924
https://access.redhat.com/errata/RHSA-2026:6011
https://access.redhat.com/errata/RHSA-2026:6012
https://access.redhat.com/security/cve/CVE-2024-3884
https://bugzilla.redhat.com/show_bug.cgi?id=2275287
https://nvd.nist.gov/vuln/detail/CVE-2024-3884
https://www.cve.org/CVERecord?id=CVE-2024-3884

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact