CVE-2026-14683
Received - Intake

Uncontrolled Memory Allocation in HdrHistogram

Publication date: 2026-07-04

Last updated on: 2026-07-04

Assigner: VulDB

Description

A vulnerability was detected in HdrHistogram up to 2.2.2. It affects the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer in the file src/main/java/org/HdrHistogram/AbstractHistogram.java. Manipulating the argument lengthOfCompressedContents results in uncontrolled memory allocation. The attack requires local access. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Meta Information

Published: 2026-07-04
Last Modified: 2026-07-04
Generated: 2026-07-05
AI Q&A: 2026-07-05
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor: hdrhistogram
Product: hdrhistogram
Version / Range: up to 2.2.2 (inclusive)

CWE

CWE-789: The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
CWE-400: The product does not properly control the allocation and maintenance of a limited resource.

Impact Analysis

The vulnerability can lead to uncontrolled memory allocation, which may cause the affected application to consume excessive memory resources. This can result in degraded performance, application crashes, or denial of service conditions. Since the attack requires local access, an attacker with limited privileges on the system could exploit this to disrupt normal operations.

Executive Summary

This vulnerability exists in the HdrHistogram library up to version 2.2.2, specifically in the function decodeFromCompressedByteBuffer within the AbstractHistogram class. The issue arises from improper handling of the argument lengthOfCompressedContents, which leads to uncontrolled memory allocation. This means that an attacker with local access can manipulate this argument to cause the program to allocate excessive memory.
