PT-2026-55741 · Unknown · Hdrhistogram
Sara11H
·
Published
2026-07-04
·
Updated
2026-07-04
·
CVE-2026-14683
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
HdrHistogram versions prior to 2.2.3
Description
An issue exists in the
decodeFromCompressedByteBuffer() function within the org.HdrHistogram.AbstractHistogram class. Local manipulation of the lengthOfCompressedContents argument can lead to uncontrolled memory allocation.Recommendations
Update HdrHistogram to a version newer than 2.2.2.
As a temporary mitigation, restrict local access to the
decodeFromCompressedByteBuffer() function.Exploit
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hdrhistogram