Impact
A vulnerability exists in the HdrHistogram library, affecting versions 2.2.2 and earlier, where the org.HdrHistogram.DoubleHistogram.recordValue method performs an incorrect comparison during its range check. The flaw allows a local attacker to supply input values that the histogram records incorrectly, so any component that relies on the histogram for precise frequency counts may end up with corrupted data.
Affected Systems
The affected product is the HdrHistogram open-source library, specifically releases 2.2.2 and earlier. No vendor-specific affected versions are listed beyond the open-source releases; any application that embeds a library build from that release range is potentially impacted.
Risk and Exploitability
The CVSS score of 4.8 indicates a medium (moderately low) severity, and no EPSS score is available. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access from which the attacker can invoke recordValue, so the risk is confined to environments where an attacker can already run code with local privileges or otherwise control the values passed to that method. The issue is publicly disclosed but the project has not yet released a patch, which lengthens the window of exposure.
OpenCVE Enrichment