Submeter #846761: HdrHistogram 2.2.2 and earlier Improper Input Validationinformação

TítuloHdrHistogram 2.2.2 and earlier Improper Input Validation
DescriçãoThe public method recordValueWithCount(long value, long count) in AbstractHistogram does not validate that the count parameter is positive. Passing negative values corrupts the histogram's internal state, including totalCount and individual bucket values. This allows an attacker who can influence the count parameter (e.g., through a metrics API or agent data receiver) to manipulate monitoring data, suppress SLA violations, or cause incorrect alerting decisions.
Fonte⚠️ https://github.com/HdrHistogram/HdrHistogram/issues/221
Utilizador
 sara11h (UID 98571)
Submissão03/06/2026 09h50 (há 1 mês)
Moderação04/07/2026 06h40 (1 month later)
EstadoAceite
Entrada VulDB376281 [HdrHistogram até 2.2.2 AbstractHistogram AbstractHistogram.java recordValueWithCount Contagem Elevação de Privilégios]
Pontos20

Interested in the pricing of exploits?

See the underground prices here!