提交 #846761: HdrHistogram 2.2.2 and earlier Improper Input Validation信息

标题HdrHistogram 2.2.2 and earlier Improper Input Validation
描述The public method recordValueWithCount(long value, long count) in AbstractHistogram does not validate that the count parameter is positive. Passing negative values corrupts the histogram's internal state, including totalCount and individual bucket values. This allows an attacker who can influence the count parameter (e.g., through a metrics API or agent data receiver) to manipulate monitoring data, suppress SLA violations, or cause incorrect alerting decisions.
来源⚠️ https://github.com/HdrHistogram/HdrHistogram/issues/221
用户
 sara11h (UID 98571)
提交2026-06-03 09時50分 (1 月前)
管理2026-07-04 06時40分 (1 month later)
状态已接受
VulDB条目376281 [HdrHistogram 直到 2.2.2 AbstractHistogram AbstractHistogram.java recordValueWithCount 数量 权限提升]
积分20

Might our Artificial Intelligence support you?

Check our Alexa App!