CVE-2024-3884
Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded
CVSS Score
7.5
EPSS Score
0.1%
EPSS Percentile
31th
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.
| CWE | CWE-20 |
| Vendor | red hat |
| Product | red hat jboss enterprise application platform |
| Published | Dec 3, 2025 |
| Last Updated | Jun 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat jboss enterprise application platform
Be the first to know when new high vulnerabilities affecting red hat red hat jboss enterprise application platform are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
Red Hat / Red Hat JBoss Enterprise Application Platform
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / OpenShift Serverless
All versions affected Red Hat / Red Hat build of Apache Camel 4 for Quarkus 3
All versions affected Red Hat / Red Hat build of Apache Camel for Spring Boot 3
All versions affected Red Hat / Red Hat build of Apache Camel for Spring Boot 4
All versions affected Red Hat / Red Hat build of Apache Camel - HawtIO 4
All versions affected Red Hat / Red Hat build of Apicurio Registry 2
All versions affected Red Hat / Red Hat Build of Keycloak
All versions affected Red Hat / Red Hat build of OptaPlanner 8
All versions affected Red Hat / Red Hat build of Quarkus
All versions affected Red Hat / Red Hat build of Quarkus
All versions affected Red Hat / Red Hat Data Grid 8
All versions affected Red Hat / Red Hat Fuse 7
All versions affected Red Hat / Red Hat Integration Camel K 1
All versions affected Red Hat / Red Hat Integration Camel Quarkus 2
All versions affected Red Hat / Red Hat JBoss Data Grid 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack
All versions affected Red Hat / Red Hat JBoss Fuse Service Works 6
All versions affected Red Hat / Red Hat Process Automation 7
All versions affected Red Hat / Red Hat Single Sign-On 7
All versions affected Red Hat / streams for Apache Kafka
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0383 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0384 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0386 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3889 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3891 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3892 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4915 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4916 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4917 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4924 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6011 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6012 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-3884 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2275287