5.3
CVE-2026-40894
- EPSS 0.46%
- Veröffentlicht 23.04.2026 18:03:28
- Zuletzt bearbeitet 28.04.2026 19:34:26
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginOpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers
OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service (DoS) in the consuming application. This vulnerability is fixed in 1.15.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opentelemetry ≫ Opentelemetry SwPlatform.net Version >= 0.5.0 < 1.15.3
Opentelemetry ≫ Opentelemetry.Api SwPlatform.net Version >= 0.5.0 < 1.15.3
Opentelemetry ≫ Opentelemetry.Extensions.Propagators Version > 1.3.0 < 1.15.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.362 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-789 Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-g94r-2vxg-569j
https://github.com/open-telemetry/opentelemetry-dotnet/pull/1048
https://github.com/open-telemetry/opentelemetry-dotnet/pull/3244
https://github.com/open-telemetry/opentelemetry-dotnet/pull/3309
https://github.com/open-telemetry/opentelemetry-dotnet/pull/533
https://github.com/open-telemetry/opentelemetry-dotnet/pull/7061