Description
A flaw was found in Undertow that can be used for remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoded as application/x-www-form-urlencoded, the method can exhaust the heap and trigger an OutOfMemory condition. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.
Problem types
Product status
0:2.0.2-2.redhat_00002.1.el8eap (rpm) before *
0:2.16.1-2.redhat_00002.1.el8eap (rpm) before *
0:2.0.1-5.redhat_00007.1.el8eap (rpm) before *
0:1.82.0-1.redhat_00001.1.el8eap (rpm) before *
0:800.11.0-1.GA_redhat_00001.1.el8eap (rpm) before *
0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap (rpm) before *
0:3.6.27-1.Final_redhat_00001.1.el8eap (rpm) before *
0:6.2.46-1.Final_redhat_00001.1.el8eap (rpm) before *
0:8.0.2-1.Final_redhat_00001.1.el8eap (rpm) before *
0:4.5.14-5.redhat_00016.1.el8eap (rpm) before *
0:4.4.16-6.redhat_00011.1.el8eap (rpm) before *
0:1.0.3-1.Final_redhat_00001.1.el8eap (rpm) before *
0:2.1.3-2.redhat_00002.1.el8eap (rpm) before *
0:2.1.1-5.redhat_00005.1.el8eap (rpm) before *
0:3.0.2-1.redhat_00001.1.el8eap (rpm) before *
0:2.1.0-5.redhat_00003.1.el8eap (rpm) before *
0:2.1.3-3.redhat_00003.1.el8eap (rpm) before *
0:6.0.0-6.redhat_00007.1.el8eap (rpm) before *
0:3.0.2-3.redhat_00006.1.el8eap (rpm) before *
0:3.1.0-5.redhat_00003.1.el8eap (rpm) before *
0:4.0.2-2.redhat_00003.1.el8eap (rpm) before *
0:4.0.2-1.Final_redhat_00001.1.el8eap (rpm) before *
0:7.3.6-1.Final_redhat_00001.1.el8eap (rpm) before *
0:4.0.5-3.redhat_00002.1.el8eap (rpm) before *
0:1.1.7-3.redhat_00003.1.el8eap (rpm) before *
0:1.0.4-4.redhat_00005.1.el8eap (rpm) before *
0:2.2.21-4.redhat_00003.1.el8eap (rpm) before *
0:3.0.4-2.redhat_00002.1.el8eap (rpm) before *
0:4.2.2-2.redhat_00003.1.el8eap (rpm) before *
0:2.1.0-3.redhat_00003.1.el8eap (rpm) before *
0:4.1.2-2.redhat_00003.1.el8eap (rpm) before *
0:8.0.11-1.GA_redhat_00002.1.el8eap (rpm) before *
0:2.2.12-1.Final_redhat_00002.1.el8eap (rpm) before *
0:3.0.4-2.redhat_00004.1.el8eap (rpm) before *
Timeline
| 2024-04-16: | Reported to Red Hat. |
| 2025-12-03: | Made public. |
References
access.redhat.com/errata/RHSA-2025:22773 (RHSA-2025:22773)
access.redhat.com/errata/RHSA-2025:22777 (RHSA-2025:22777)
access.redhat.com/security/cve/CVE-2024-3884
bugzilla.redhat.com/show_bug.cgi?id=2275287 (RHBZ#2275287)