5.3
CVE-2026-44967
- EPSS 0.21%
- Veröffentlicht 12.06.2026 14:52:00
- Zuletzt bearbeitet 16.06.2026 19:38:23
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
Loginopentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response
OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters (traces/metrics/logs) read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can MITM the exporter connection). This vulnerability is fixed in opentelemetry-cpp release 1.27.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opentelemetry ≫ Opentelemetry SwPlatformc++ Version < 1.27.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.106 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-789 Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58
https://github.com/open-telemetry/opentelemetry-cpp/security/advisories/GHSA-5qhm-4rfp-qqvj
https://github.com/open-telemetry/opentelemetry-cpp/issues/3958
https://github.com/open-telemetry/opentelemetry-cpp/pull/4078