CVE-2026-14684
Last modified
CVE-2026-14684 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. EPSS estimates a 0.12% chance of exploitation in the next 30 days.
Description
A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocation. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| — | HdrHistogram | 2.2.0; 2.2.1; 2.2.2 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-14684?
How severe is CVE-2026-14684?
How do I fix CVE-2026-14684?
Related CVEs from 2026
- CVE-2026-14659A vulnerability has been found in itsourcecode Hospital Mana…6.3
- CVE-2026-1466Jirafeau normally prevents browser preview for text files du…6.1
- CVE-2026-14660A vulnerability was found in code-projects Online Job Portal…7.3
- CVE-2026-1467A flaw was found in libsoup, an HTTP client library. This vu…5.3
- CVE-2026-1468QuickCMS is vulnerable to Cross-Site Request Forgery across …5.1
- CVE-2026-14683A vulnerability was detected in HdrHistogram up to 2.2.2. Af…3.3
- CVE-2026-14685A vulnerability has been found in HdrHistogram up to 2.2.2. …3.3
- CVE-2026-14686A vulnerability was found in HdrHistogram up to 2.2.2. This …3.3
- CVE-2026-14687A vulnerability was determined in 666ghj BettaFish up to 1.2…5.5
- CVE-2026-14688A vulnerability was identified in itsourcecode Online Hotel …7.3
- CVE-2026-14689A security flaw has been discovered in CodeAstro Apartment V…6.3
- CVE-2026-1469Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager.…5.4
Are you affected by CVE-2026-14684?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
