PT-2026-55742 · Unknown · Hdrhistogram
Sara11H
·
Published
2026-07-04
·
Updated
2026-07-05
·
CVE-2026-14684
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
HdrHistogram versions prior to 2.2.3
Description
A flaw exists in the
decodeFromByteBuffer() function within the org.HdrHistogram.AbstractHistogram class. This issue occurs when the numberOfSignificantValueDigits argument is manipulated, leading to uncontrolled memory allocation. This attack can only be executed locally.Recommendations
Update HdrHistogram to a version newer than 2.2.2.
As a temporary workaround, restrict the use of the
decodeFromByteBuffer() function to prevent uncontrolled memory allocation.Exploit
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hdrhistogram