CVE-2024-3884

HIGH
中文标题:
(暂无数据)
英文标题:
Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded
CVSS分数: 7.5
发布时间: 2025-12-03 18:40:25
漏洞类型: (暂无数据)
状态: PUBLISHED
数据质量分数: 0.40
数据版本: v3
漏洞描述
中文描述:

(暂无数据)

英文描述:

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.

CWE类型:
CWE-20
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
Red Hat Red Hat JBoss Enterprise Application Platform 8 - - - cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat Red Hat JBoss Enterprise Application Platform 8.0 8.0 - - cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 8.0 - - cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 8.0 - - cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat OpenShift Serverless - - - cpe:/a:redhat:serverless:1
Red Hat Red Hat build of Apache Camel 4 for Quarkus 3 - - - cpe:/a:redhat:camel_quarkus:3
Red Hat Red Hat build of Apache Camel for Spring Boot 3 - - - cpe:/a:redhat:camel_spring_boot:3
Red Hat Red Hat build of Apache Camel for Spring Boot 4 - - - cpe:/a:redhat:camel_spring_boot:4
Red Hat Red Hat build of Apache Camel - HawtIO 4 - - - cpe:/a:redhat:apache_camel_hawtio:4
Red Hat Red Hat build of Apicurio Registry 2 - - - cpe:/a:redhat:service_registry:2
Red Hat Red Hat Build of Keycloak - - - cpe:/a:redhat:build_keycloak:
Red Hat Red Hat build of OptaPlanner 8 - - - cpe:/a:redhat:optaplanner:::el6
Red Hat Red Hat build of Quarkus - - - cpe:/a:redhat:quarkus:3
Red Hat Red Hat Data Grid 8 - - - cpe:/a:redhat:jboss_data_grid:8
Red Hat Red Hat Fuse 7 - - - cpe:/a:redhat:jboss_fuse:7
Red Hat Red Hat Integration Camel K 1 - - - cpe:/a:redhat:integration:1
Red Hat Red Hat Integration Camel Quarkus 2 - - - cpe:/a:redhat:camel_quarkus:2
Red Hat Red Hat JBoss Data Grid 7 - - - cpe:/a:redhat:jboss_data_grid:7
Red Hat Red Hat JBoss Enterprise Application Platform 7 - - - cpe:/a:redhat:jboss_enterprise_application_platform:7
Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack - - - cpe:/a:redhat:jbosseapxp
Red Hat Red Hat JBoss Fuse Service Works 6 - - - cpe:/a:redhat:jboss_fuse_service_works:6
Red Hat Red Hat Process Automation 7 - - - cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat Red Hat Single Sign-On 7 - - - cpe:/a:redhat:red_hat_single_sign_on:7
Red Hat streams for Apache Kafka - - - cpe:/a:redhat:amq_streams:1
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
RHSA-2025:22773 vendor-advisory
cve.org
访问
RHSA-2025:22775 vendor-advisory
cve.org
访问
RHSA-2025:22777 vendor-advisory
cve.org
访问
RHSA-2025:3990 vendor-advisory
cve.org
访问
RHSA-2025:3992 vendor-advisory
cve.org
访问
无标题 vdb-entry
cve.org
访问
RHBZ#2275287 issue-tracking
cve.org
访问
secalert@redhat.com OTHER
nvd.nist.gov
访问
secalert@redhat.com OTHER
nvd.nist.gov
访问
secalert@redhat.com OTHER
nvd.nist.gov
访问
CVSS评分详情
3.1 (cna)
HIGH
7.5
CVSS向量: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
机密性
NONE
完整性
NONE
可用性
HIGH
时间信息
发布时间:
2025-12-03 18:40:25
修改时间:
2025-12-06 00:07:44
创建时间:
2026-01-12 02:09:49
更新时间:
2026-01-27 06:00:13
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2024-3884 2025-12-07 02:05:12 2026-01-12 02:09:49
NVD nvd_CVE-2024-3884 2025-12-07 03:00:02 2026-01-12 02:27:12
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN
安全公告
暂无安全公告信息
变更历史
v3 NVD
2026-01-14 06:14:32
references_count: 7 → 10
查看详细变更
  • references_count: 7 -> 10
v2 NVD
2026-01-12 02:27:12
affected_products_count: 102 → 24; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • affected_products_count: 102 -> 24
  • data_sources: ['cve'] -> ['cve', 'nvd']