CVE-2026-14683
Last modified
CVE-2026-14683 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. EPSS estimates a 0.12% chance of exploitation in the next 30 days.
Description
A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack needs to be approached locally. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| — | HdrHistogram | 2.2.0; 2.2.1; 2.2.2 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-14683?
How severe is CVE-2026-14683?
How do I fix CVE-2026-14683?
Related CVEs from 2026
- CVE-2026-14658A vulnerability was detected in code-projects Assessment Man…6.3
- CVE-2026-14659A vulnerability has been found in itsourcecode Hospital Mana…6.3
- CVE-2026-1466Jirafeau normally prevents browser preview for text files du…6.1
- CVE-2026-14660A vulnerability was found in code-projects Online Job Portal…7.3
- CVE-2026-1467A flaw was found in libsoup, an HTTP client library. This vu…5.3
- CVE-2026-1468QuickCMS is vulnerable to Cross-Site Request Forgery across …5.1
- CVE-2026-14684A flaw has been found in HdrHistogram up to 2.2.2. This affe…3.3
- CVE-2026-14685A vulnerability has been found in HdrHistogram up to 2.2.2. …3.3
- CVE-2026-14686A vulnerability was found in HdrHistogram up to 2.2.2. This …3.3
- CVE-2026-14687A vulnerability was determined in 666ghj BettaFish up to 1.2…5.5
- CVE-2026-14688A vulnerability was identified in itsourcecode Online Hotel …7.3
- CVE-2026-14689A security flaw has been discovered in CodeAstro Apartment V…6.3
Are you affected by CVE-2026-14683?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
