CVE-2026-45686 in opentelemetry-ebpf-instrumentation

Summary

by MITRE • 02.06.2026

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing memcached storage commands such as set, add, replace, append, prepend, or cas, OBI accepts extremely large values and adds the payload delimiter length without checking for overflow. A crafted request with set to math.MaxInt or math.MaxInt-1 causes the computed payload length to wrap negative and triggers a runtime panic in LargeBufferReader.Peek. This issue has been patched in version 0.9.0.
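
The length arithmetic described above, as an added Go example that is not OBI's own code: it puts the unchecked addition next to a bounded version. The function names, the 2-byte `\r\n` delimiter constant and the `maxPayload` limit are assumptions made for illustration; the field position follows the memcached text protocol's `<cmd> <key> <flags> <exptime> <bytes>` layout.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
	"strings"
)

const delimLen = 2 // "\r\n" that terminates the data block
var errBadLength = errors.New("memcached: rejected <bytes> field")

// bytesField returns the <bytes> token of "<cmd> <key> <flags> <exptime> <bytes> [...]".
func bytesField(line string) (int, error) {
	f := strings.Fields(line)
	if len(f) < 5 {
		return 0, errBadLength
	}
	return strconv.Atoi(f[4])
}

// payloadLenUnchecked shows the flawed pattern: values near math.MaxInt wrap negative.
func payloadLenUnchecked(line string) (int, error) {
	n, err := bytesField(line)
	if err != nil {
		return 0, err
	}
	return n + delimLen, nil
}

// payloadLenChecked bounds <bytes> before the addition. maxPayload is a
// hypothetical parser limit, not a setting taken from OBI.
func payloadLenChecked(line string, maxPayload int) (int, error) {
	n, err := bytesField(line)
	if err != nil {
		return 0, err
	}
	if n < 0 || n > maxPayload || n > math.MaxInt-delimLen {
		return 0, errBadLength
	}
	return n + delimLen, nil
}

func main() {
	line := fmt.Sprintf("set k 0 0 %d", math.MaxInt) // constructed sample input
	fmt.Println(payloadLenUnchecked(line))
	fmt.Println(payloadLenChecked(line, 1<<20))
}
```

A negative length reaching a buffer peek or slice operation is what turns the wrap into a runtime panic, so the bound has to be enforced before the sum is computed, not after.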


Responsible: GitHub M

Reserved: 13.05.2026

Published: 02.06.2026

Moderation: accepted

Entry: VDB-367975

CPE: ready

EPSS: 0.00050

KEV: no

Activities: very low
