CVE-2026-45686 in opentelemetry-ebpf-instrumentationthông tin

Tóm tắt

Bởi MITRE • 02/06/2026

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing memcached storage commands such as set, add, replace, append, prepend, or cas, OBI accepts extremely large values and adds the payload delimiter length without checking for overflow. A crafted request with set to math.MaxInt or math.MaxInt-1 causes the computed payload length to wrap negative and triggers a runtime panic in LargeBufferReader.Peek. This issue has been patched in version 0.9.0.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

GitHub M

Đặt trước

13/05/2026

Tiết lộ

02/06/2026

Kiểm duyệt

được chấp nhận

mục

VDB-367975

CPE

sẵn sàng

CWE

CWE-190 (Đã xác nhận)

CVSS

7.5 (CNA)

EPSS

0.00050

KEV

không

Các hoạt động

rất thấp

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45686
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45686
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45686/

◂ Trước Tổng Quan Tiếp theo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!