CVE Catalog

CVE-2026-14683

LowCVSS 3.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

A vulnerability was found in HdrHistogram up to version 2.2.2, involving uncontrolled memory allocation in the decodeFromCompressedByteBuffer function. Manipulating the lengthOfCompressedContents argument can cause excessive memory consumption. The attack requires local access and the exploit is publicly available.

Risk Assessment

The organization is at risk of denial-of-service (DoS) attacks through local memory exhaustion, potentially disrupting applications using the vulnerable library.

Recommendation

Immediately update HdrHistogram to version 2.2.3 or later if available. If no patch is available, restrict local access to systems using this library.

Original NVD description (English source)

A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS