Tag

Opentelemetry

4 briefs RSS

OpenTelemetry eBPF Instrumentation (OBI) Memcached Integer Overflow DoS

A remotely reachable integer overflow in OpenTelemetry eBPF Instrumentation's (OBI) memcached text protocol parser can crash the OBI process, causing a denial of service due to unchecked arithmetic when handling large payload sizes in memcached storage commands.

go.opentelemetry.io/obi denial-of-service integer-overflow memcached opentelemetry

1r 2t May 18, 2026

medium threat

OpenTelemetry eBPF Instrumentation MongoDB Parser Denial-of-Service

2 rules 1 TTP

Malformed MongoDB wire messages can trigger uncaught panics in the OpenTelemetry eBPF Instrumentation agent's MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and cause a denial of service.

go.opentelemetry.io/obi opentelemetry mongodb denial-of-service CVE-2026-45685

2r 1t May 18, 2026

high advisory

OpenTelemetry Collector Azure Auth Extension Authentication Bypass

2 rules 1 TTP

A server-side authentication bypass vulnerability exists in opentelemetry-collector-contrib's azureauthextension versions 0.124.0 through 0.150.0, allowing attackers with a valid Azure access token to authenticate to any OpenTelemetry receiver that uses `auth: azure_auth` due to improper JWT validation.

opentelemetry-collector-contrib +3 authentication-bypass opentelemetry azure jwt

2r 1t May 7, 2026

medium advisory

OpenTelemetry-Go Multi-Value Baggage Header Extraction DoS Vulnerability (CVE-2026-29181)

2 rules 1 TTP 1 CVE

A vulnerability in OpenTelemetry-Go related to the extraction of multi-value baggage headers can lead to excessive resource allocation, resulting in a remote denial-of-service amplification.

OpenTelemetry-Go dos opentelemetry cve-2026-29181

2r 1t 1c Apr 29, 2026