CVE-2026-45686 in opentelemetry-ebpf-instrumentation

Summary

by MITRE • 02/06/2026

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing memcached storage commands such as set, add, replace, append, prepend, or cas, OBI accepts extremely large values and adds the payload delimiter length without checking for overflow. A crafted request with set to math.MaxInt or math.MaxInt-1 causes the computed payload length to wrap negative and triggers a runtime panic in LargeBufferReader.Peek. This issue has been patched in version 0.9.0.
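The arithmetic described above, as an added Go example that is not OBI's code: an unchecked length computation next to a bounds-checked one. The function names and the 1 MiB cap are assumptions for illustration, and the field position follows the memcached text protocol, where the byte count is the fifth token of a storage command and the data block ends with `\r\n`.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
	"strings"
)

const delimLen = 2 // length of the "\r\n" that follows the data block
var errBadLength = errors.New("memcached: invalid payload length")

// byteCountField returns the byte-count token of a storage command line.
func byteCountField(line string) (string, error) {
	f := strings.Fields(line)
	if len(f) < 5 {
		return "", errBadLength
	}
	return f[4], nil
}

// uncheckedPayloadLen shows the flawed pattern: parse, then add blindly.
func uncheckedPayloadLen(field string) (int, error) {
	n, err := strconv.Atoi(field)
	if err != nil {
		return 0, err
	}
	return n + delimLen, nil // signed add wraps negative near math.MaxInt
}

// checkedPayloadLen bounds the count before adding (hypothetical hardened form).
func checkedPayloadLen(field string, maxPayload int) (int, error) {
	n, err := strconv.Atoi(field)
	if err != nil {
		return 0, err
	}
	if n < 0 || n > maxPayload || n > math.MaxInt-delimLen {
		return 0, errBadLength
	}
	return n + delimLen, nil
}

func main() {
	// Constructed sample line, not captured traffic.
	field, _ := byteCountField("set k 0 0 " + strconv.Itoa(math.MaxInt))
	n, _ := uncheckedPayloadLen(field)
	_, err := checkedPayloadLen(field, 1<<20) // 1 MiB cap is an assumption
	fmt.Println(n < 0, err)
}
```

A negative length handed to a buffer reader is what turns the wrap into a panic, so the bound has to be enforced before any slice or peek call uses the value.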


Responsible

GitHub M

Reserved

13/05/2026

Disclosure

02/06/2026

Moderation

accepted

Entry

VDB-367975

CPE

ready

EPSS

0.00050

KEV

no

Activities

very low
