CVE-2026-14683
LowCVSS 3.3Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
A vulnerability was found in HdrHistogram up to version 2.2.2, involving uncontrolled memory allocation in the decodeFromCompressedByteBuffer function. Manipulating the lengthOfCompressedContents argument can cause excessive memory consumption. The attack requires local access and the exploit is publicly available.
Risk Assessment
The organization is at risk of denial-of-service (DoS) attacks through local memory exhaustion, potentially disrupting applications using the vulnerable library.
Recommendation
Immediately update HdrHistogram to version 2.2.3 or later if available. If no patch is available, restrict local access to systems using this library.
Original NVD description (English source)
A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

