CVE-2026-45686 in opentelemetry-ebpf-instrumentationinformação

Sumário

de MITRE • 02/06/2026

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing memcached storage commands such as set, add, replace, append, prepend, or cas, OBI accepts extremely large values and adds the payload delimiter length without checking for overflow. A crafted request with set to math.MaxInt or math.MaxInt-1 causes the computed payload length to wrap negative and triggers a runtime panic in LargeBufferReader.Peek. This issue has been patched in version 0.9.0.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

GitHub M

Reservar

13/05/2026

Divulgação

02/06/2026

Moderação

aceite

Entrada

VDB-367975

CPE

pronto

EPSS

0.00050

KEV

não

Atividades

muito baixo

Fontes

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-45686
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-45686
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-45686/

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!