提出 #846761: HdrHistogram 2.2.2 and earlier Improper Input Validation情報

タイトルHdrHistogram 2.2.2 and earlier Improper Input Validation
説明The public method recordValueWithCount(long value, long count) in AbstractHistogram does not validate that the count parameter is positive. Passing negative values corrupts the histogram's internal state, including totalCount and individual bucket values. This allows an attacker who can influence the count parameter (e.g., through a metrics API or agent data receiver) to manipulate monitoring data, suppress SLA violations, or cause incorrect alerting decisions.
ソース⚠️ https://github.com/HdrHistogram/HdrHistogram/issues/221
ユーザー
 sara11h (UID 98571)
送信2026年06月03日 09:50 (1 月 ago)
モデレーション2026年07月04日 06:40 (1 month later)
ステータス承諾済み
VulDBエントリ376281 [HdrHistogram 迄 2.2.2 AbstractHistogram AbstractHistogram.java recordValueWithCount 数 特権昇格]
ポイント20

Do you want to use VulDB in your project?

Use the official API to access entries easily!