Отправить #846761: HdrHistogram 2.2.2 and earlier Improper Input ValidationИнформация

НазваниеHdrHistogram 2.2.2 and earlier Improper Input Validation
ОписаниеThe public method recordValueWithCount(long value, long count) in AbstractHistogram does not validate that the count parameter is positive. Passing negative values corrupts the histogram's internal state, including totalCount and individual bucket values. This allows an attacker who can influence the count parameter (e.g., through a metrics API or agent data receiver) to manipulate monitoring data, suppress SLA violations, or cause incorrect alerting decisions.
Источник⚠️ https://github.com/HdrHistogram/HdrHistogram/issues/221
Пользователь
 sara11h (UID 98571)
Представление03.06.2026 09:50 (1 месяц назад)
Модерация04.07.2026 06:40 (1 month later)
Статуспринято
Запись VulDB376281 [HdrHistogram до 2.2.2 AbstractHistogram AbstractHistogram.java recordValueWithCount Количество эскалация привилегий]
Баллы20

Interested in the pricing of exploits?

See the underground prices here!