Data integrity impact due to incorrect comparison
Summary
A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack is only possible with local access. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. This issue primarily impacts data integrity. Low: This HdrHistogram flaw enables a local attacker to manipulate data, resulting in incorrect value comparisons and a data integrity impact. The requirement for local system access significantly reduces the overall exposure and risk for Red Hat products. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-839. Affected Red Hat products: Red Hat Ansible Automation Platform 2; Red Hat Enterprise Linux 8; Red Hat Hardened Images; Red Hat OpenShift AI (RHOAI). Red Hat lists Logging Subsystem for Red Hat OpenShift; OpenShift Lightspeed; OpenShift Service Mesh 3; Red Hat OpenShift AI (RHOAI); Red Hat OpenShift Container Platform 4; Red Hat OpenShift Update Service as not affected. Red Hat does not currently list a fixing RHSA for this CVE.
- 2.2.2
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.