A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Metrics
Affected Vendors & Products
References
History
Sat, 04 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |
| Title | HdrHistogram AbstractHistogram.java memory allocation | |
| First Time appeared |
Hdrhistogram
Hdrhistogram hdrhistogram |
|
| Weaknesses | CWE-400 CWE-789 |
|
| CPEs | cpe:2.3:a:hdrhistogram:hdrhistogram:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Hdrhistogram
Hdrhistogram hdrhistogram |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published: 2026-07-04T23:00:10.759Z
Updated: 2026-07-04T23:00:10.759Z
Reserved: 2026-07-04T04:39:55.742Z
Link: CVE-2026-14683
No data.
No data.
No data.