PT-2026-55742 · Unknown · Hdrhistogram

Sara11H

·

Published

2026-07-04

·

Updated

2026-07-05

·

CVE-2026-14684

CVSS v3.1

3.3

Low

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions HdrHistogram versions prior to 2.2.3
Description A flaw exists in the decodeFromByteBuffer() function within the org.HdrHistogram.AbstractHistogram class. This issue occurs when the numberOfSignificantValueDigits argument is manipulated, leading to uncontrolled memory allocation. This attack can only be executed locally.
Recommendations Update HdrHistogram to a version newer than 2.2.2. As a temporary workaround, restrict the use of the decodeFromByteBuffer() function to prevent uncontrolled memory allocation.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14684

Affected Products

Hdrhistogram