A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Metrics
Affected Vendors & Products
References
History
Tue, 07 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-770 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Mon, 06 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sat, 04 Jul 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |
| Title | HdrHistogram AbstractHistogram.java memory allocation | |
| First Time appeared |
Hdrhistogram
Hdrhistogram hdrhistogram |
|
| Weaknesses | CWE-400 CWE-789 |
|
| CPEs | cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Hdrhistogram
Hdrhistogram hdrhistogram |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published: 2026-07-04T23:30:10.875Z
Updated: 2026-07-06T16:50:59.582Z
Reserved: 2026-07-04T04:39:58.430Z
Link: CVE-2026-14684
Updated: 2026-07-06T16:36:15.226Z
No data.