VDB
DEBIAN-CVE-2024-4027
DEBIAN-CVE-2024-4027
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | undertow | 1.3.11-1, 1.3.16-1, 1.3.21-1 |
Timeline
- Jan 30, 2026 CVE Published
- Apr 28, 2026 CVE Updated