A vulnerability, which was classified as problematic, has been found in HdrHistogram up to 2.2.2. This affects the function
org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. Manipulating the argument numberOfSignificantValueDigits causes uncontrolled memory allocation.
The identification of this vulnerability is CVE-2026-14684. The attack can only be executed locally. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report but has not responded yet.
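
Until a fix is released, callers can inspect the encoded header before handing a buffer to decodeFromByteBuffer. The following is an added example, not code from HdrHistogram or from this advisory: it assumes the uncompressed V2 header layout and the counts-array sizing rule noted in its comments, goes slightly beyond the advisory by also bounding the value range, and the names HistogramHeaderGuard, check and maxCounts are hypothetical.

```java
import java.nio.ByteBuffer;

public class HistogramHeaderGuard {
    // Assumed V2 header (40 bytes): int cookie, int payloadLength, int normalizingIndexOffset,
    // int numberOfSignificantValueDigits, long lowest, long highest, double conversionRatio.
    static final int HEADER_SIZE = 40;
    static final int V2_COOKIE_BASE = 0x1c849303; // assumed; bits 4-7 carry the word size

    /** Returns the estimated counts-array length, or throws if the header is unacceptable. */
    static long check(ByteBuffer encoded, long maxCounts) {
        ByteBuffer b = encoded.duplicate().order(encoded.order()); // caller's position untouched
        if (b.remaining() < HEADER_SIZE) throw new IllegalArgumentException("short header");
        if ((b.getInt() & ~0xf0) != V2_COOKIE_BASE) throw new IllegalArgumentException("not V2");
        b.getInt(); b.getInt(); // skip payload length and normalizing index offset
        int digits = b.getInt();
        long lowest = b.getLong(), highest = b.getLong();
        if (digits < 0 || digits > 5) throw new IllegalArgumentException("digits " + digits);
        if (lowest < 1 || highest / 2 < lowest) throw new IllegalArgumentException("bad range");
        long estimate = estimateCountsLength(lowest, highest, digits);
        if (estimate > maxCounts) throw new IllegalArgumentException(estimate + " counters");
        return estimate;
    }

    // Assumed sizing rule: (buckets + 1) * subBucketHalfCount counters.
    static long estimateCountsLength(long lowest, long highest, int digits) {
        long largest = 2 * (long) Math.pow(10, digits);
        int subBucketMagnitude = 64 - Long.numberOfLeadingZeros(largest - 1); // ceil(log2)
        int unitMagnitude = 63 - Long.numberOfLeadingZeros(lowest);           // floor(log2)
        if (unitMagnitude + subBucketMagnitude > 62) throw new IllegalArgumentException("range");
        long smallestUntrackable = (1L << subBucketMagnitude) << unitMagnitude;
        int buckets = 1;
        while (smallestUntrackable <= highest) {
            buckets++;
            if (smallestUntrackable > Long.MAX_VALUE / 2) break; // next shift would overflow
            smallestUntrackable <<= 1;
        }
        return (long) (buckets + 1) * (1L << (subBucketMagnitude - 1));
    }

    static ByteBuffer header(int digits, long lowest, long highest) {
        ByteBuffer b = ByteBuffer.allocate(HEADER_SIZE);
        b.putInt(V2_COOKIE_BASE | 0x10).putInt(0).putInt(0).putInt(digits);
        b.putLong(lowest).putLong(highest).putDouble(1.0).flip();
        return b;
    }

    public static void main(String[] args) {
        // Constructed sample headers without payload: an in-range one, then digits = 9.
        System.out.println(check(header(3, 1, 3_600_000_000L), 1 << 20));
        try { check(header(9, 1, 3_600_000_000L), 1 << 20); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Call check on the buffer first and decode only if it returns; choose maxCounts from the largest histogram configuration the application legitimately exchanges.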