HIGH 7.5 Maven
Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
GHSA-6h4f-pj3g-q8fq · CVE-2024-3884
Published · Modified
Description
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-3884
- WEB https://github.com/undertow-io/undertow/pull/1894
- WEB https://github.com/undertow-io/undertow/pull/1882
- WEB https://github.com/undertow-io/undertow/pull/1860
- WEB https://github.com/undertow-io/undertow/pull/1856
- WEB https://github.com/undertow-io/undertow/commit/cb854c779b9e2368c3c274ebd7217c8e75d505be
- WEB https://github.com/undertow-io/undertow/releases/tag/2.4.0.Beta1
- WEB https://github.com/undertow-io/undertow/releases/tag/2.3.21.Final
- WEB https://github.com/undertow-io/undertow/releases/tag/2.2.39.Final
- PACKAGE https://github.com/undertow-io/undertow
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=2275287
- WEB https://access.redhat.com/security/cve/CVE-2024-3884
- WEB https://access.redhat.com/errata/RHSA-2026:6012
- WEB https://access.redhat.com/errata/RHSA-2026:6011
- WEB https://access.redhat.com/errata/RHSA-2026:4924
- WEB https://access.redhat.com/errata/RHSA-2026:4917
- WEB https://access.redhat.com/errata/RHSA-2026:4916
- WEB https://access.redhat.com/errata/RHSA-2026:4915
- WEB https://access.redhat.com/errata/RHSA-2026:3892
- WEB https://access.redhat.com/errata/RHSA-2026:3891
- WEB https://access.redhat.com/errata/RHSA-2026:3889
- WEB https://access.redhat.com/errata/RHSA-2026:0386
- WEB https://access.redhat.com/errata/RHSA-2026:0384
- WEB https://access.redhat.com/errata/RHSA-2026:0383
- WEB https://access.redhat.com/errata/RHSA-2025:3992
- WEB https://access.redhat.com/errata/RHSA-2025:3990
- WEB https://access.redhat.com/errata/RHSA-2025:22777
- WEB https://access.redhat.com/errata/RHSA-2025:22775
- WEB https://access.redhat.com/errata/RHSA-2025:22773
Ready to move
Start Securing
Free, no credit card | First findings in minutes