Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4Blast Radius
ecosystem impact- 13 maven packages depend on io.undertow:undertow-core (7 direct, 6 indirect)
Ecosystem-wide dependent count for version 2.4.0.Alpha1.
DescriptionCVE.org
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.
AnalysisAI
A flaw was found in Undertow that can cause remote denial of service attacks.
Technical ContextAI
A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Improper Input Validation (CWE-20).
RemediationAI
Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allVendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| questing | needs-triage | - |
| upstream | needs-triage | - |
| plucky | ignored | end of life, was needs-triage |
Debian
Bug #1123001| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| forky, sid | vulnerable | 2.3.20-1 | - |
| (unstable) | fixed | (unfixed) | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2024-32452
GHSA-6h4f-pj3g-q8fq