A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.
CVE-2024-3884
This high-severity CVE scores 7.5 under NVD CVSS v3. EPSS exploit probability: 0.4%, top 40% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
- High severity, but no confirmed exploitation yet
A fix is available — apply it.
- CVSS v3
- 7.5
- EG Score
- 7.5(medium)
- EPSS
- 66.0%
- KEV
- Not listed
Published
December 3, 2025
Last Modified
July 7, 2026
Advisory Details (10)
Auto-updated Jul 7, 2026Affected: Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common
https://access.redhat.com/errata/RHSA-2026:4917Affected: Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common
https://access.redhat.com/errata/RHSA-2026:4916Affected: Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common
https://access.redhat.com/errata/RHSA-2026:4915Affected: Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common
https://access.redhat.com/errata/RHSA-2026:3891Affected: Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common
https://access.redhat.com/errata/RHSA-2026:3889Affected: Red Hat Enterprise Linux 8.
https://access.redhat.com/errata/RHSA-2026:0386Affected: Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common
https://access.redhat.com/errata/RHSA-2026:0384Affected: Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common
https://access.redhat.com/errata/RHSA-2026:0383Vendor Advisories for CVE-2024-3884(5)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
- RHSA-2026:6011Red Hat Product SecurityCritical
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.17 security update
- RHSA-2026:4924Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
- RHSA-2026:4917Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
- RHSA-2026:4915Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
- RHSA-2026:4916Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
Frequently asked(5)
What is CVE-2024-3884?
When was CVE-2024-3884 disclosed?
Is CVE-2024-3884 actively exploited?
What is the CVSS score of CVE-2024-3884?
How do I remediate CVE-2024-3884?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2024-3884
Is Your Infrastructure Affected by CVE-2024-3884?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.