CVE-2024-3884

HIGHPre-NVD 7.57.5
EchelonGraph scoreMEDIUM confidence

This high-severity CVE scores 7.5 under NVD CVSS v3. EPSS exploit probability: 0.4%, top 40% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).

Triggered by: NVD CVSS baseline
Sources: epss, nvd
7.5
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 1%CVSS: 7.5Exploit: NoneExposed: 0

A fix is available — apply it.

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.

CVSS v3
7.5
EG Score
7.5(medium)
EPSS
66.0%
KEV
Not listed

Published

December 3, 2025

Last Modified

July 7, 2026

Advisory Details (10)

Auto-updated Jul 7, 2026
Patch available. Sources: redhat.
redhat Patch Available

Affected: Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common

https://access.redhat.com/errata/RHSA-2026:4917
redhat Patch Available

Affected: Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common

https://access.redhat.com/errata/RHSA-2026:4916
redhat Patch Available

Affected: Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common

https://access.redhat.com/errata/RHSA-2026:4915
redhat Patch Available

Affected: Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common

https://access.redhat.com/errata/RHSA-2026:3891
redhat Patch Available

Affected: Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common

https://access.redhat.com/errata/RHSA-2026:3889
redhat Patch Available

Affected: Red Hat Enterprise Linux 8.

https://access.redhat.com/errata/RHSA-2026:0386
redhat Patch Available

Affected: Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common

https://access.redhat.com/errata/RHSA-2026:0384
redhat Patch Available

Affected: Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common

https://access.redhat.com/errata/RHSA-2026:0383

Frequently asked(5)

What is CVE-2024-3884?
CVE-2024-3884 is a high vulnerability published on December 3, 2025. A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows…
When was CVE-2024-3884 disclosed?
CVE-2024-3884 was first published in the National Vulnerability Database on December 3, 2025, with the most recent update on July 7, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2024-3884 actively exploited?
CVE-2024-3884 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 66.0% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2024-3884?
CVE-2024-3884 has a CVSS v4.0 base score of 7.5 (CNA self-assessment; NVD's own analysis pending).
How do I remediate CVE-2024-3884?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2024-3884, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2024-3884

Explore →

Is Your Infrastructure Affected by CVE-2024-3884?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.