VDB
CVE-2024-3884
CVE-2024-3884
PUBLISHED
CVSS 7.5 HIGH
Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
EPSS 0.13% · 31.4th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.13%
31.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:7.3.17-5.GA_redhat_00006.1.el7eap |
| Red Hat | Red Hat Integration Camel K 1 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | 0:2.0.2-1.Final_redhat_00001.1.el9eap, 0:2.0.2-1.Final_redhat_00001.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 | 0:8.1.3-4.GA_redhat_00006.1.el9eap |
| Red Hat | Red Hat Single Sign-On 7 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | 0:1.0.0-3.redhat_00009.1.el8eap, 0:1.0.0-3.redhat_00009.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | 0:4.0.6-1.redhat_00001.1.el8eap, 0:4.0.6-1.redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 | 0:1.0.1-3.redhat_00003.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 | 0:1.82.0-1.redhat_00001.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 | 0:5.0.12-1.Final_redhat_00001.1.el9eap |
| Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 | |
| Red Hat | Red Hat Build of Keycloak | |
| Red Hat | Red Hat Process Automation 7 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 | 0:2.0.41-7.SP8_redhat_00001.1.el7eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 | 0:4.0.2-1.Final_redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 | 0:2.3.20-2.SP4_redhat_00001.1.el8eap, 0:2.3.20-2.SP4_redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 | 0:5.0.12-1.Final_redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Data Grid 7 | |
| Maven | io.undertow:undertow-core | 2.4.0.Alpha1, 2.4.0.Alpha1, 2.3.0.Alpha1 |
…and 49 more
Timeline
- Dec 3, 2025 CVE Published
- Dec 3, 2025 PoC Published
- Dec 4, 2025 EPSS Score
- Dec 8, 2025 EPSS Score
- Dec 13, 2025 EPSS Score
- Dec 17, 2025 EPSS Score
- Dec 21, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 30, 2025 EPSS Score
- Jan 3, 2026 EPSS Score
- Jan 8, 2026 EPSS Score
- Jan 12, 2026 EPSS Score
References
- RHSA-2026:0383 vendor-advisory
- RHSA-2026:0384 vendor-advisory
- RHSA-2026:0386 vendor-advisory
- RHSA-2026:3889 vendor-advisory
- RHSA-2026:3891 vendor-advisory
- RHSA-2026:3892 vendor-advisory
- RHSA-2026:4915 vendor-advisory
- RHSA-2026:4916 vendor-advisory
- RHSA-2026:4917 vendor-advisory
- RHSA-2026:4924 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2024-3884 vdb
- RHBZ#2275287 issue
- https://nvd.nist.gov/vuln/detail/CVE-2024-3884 advisory
- https://github.com/undertow-io/undertow/pull/1894 url
- https://github.com/undertow-io/undertow/pull/1882 url
- https://github.com/undertow-io/undertow/pull/1860 url
- https://github.com/undertow-io/undertow/pull/1856 url
- https://github.com/undertow-io/undertow/commit/cb854c779b9e2368c3c274ebd7217c8e75d505be url
- https://github.com/undertow-io/undertow/releases/tag/2.4.0.Beta1 url
- https://github.com/undertow-io/undertow/releases/tag/2.3.21.Final url
…and 9 more