A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Metrics
Affected Vendors & Products
References
History
Mon, 13 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-770 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Tue, 07 Jul 2026 03:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sat, 04 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |
| Title | HdrHistogram AbstractHistogram.java memory allocation | |
| First Time appeared |
Hdrhistogram
Hdrhistogram hdrhistogram |
|
| Weaknesses | CWE-400 CWE-789 |
|
| CPEs | cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Hdrhistogram
Hdrhistogram hdrhistogram |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published: 2026-07-04T23:00:10.759Z
Updated: 2026-07-07T02:37:54.613Z
Reserved: 2026-07-04T04:39:55.742Z
Link: CVE-2026-14683
Updated: 2026-07-07T02:37:50.872Z
No data.