Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response
Vulnerability Description
OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters (traces/metrics/logs) read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can MITM the exporter connection). This vulnerability is fixed in opentelemetry-cpp release 1.27.0.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未经控制的内存分配
Vulnerability Title
OpenTelemetry C++ 资源管理错误漏洞
Vulnerability Description
OpenTelemetry C++是OpenTelemetry团队的一款用于收集和导出遥测数据的服务器端支撑软件。 OpenTelemetry C++ 1.27.0之前版本存在资源管理错误漏洞,该漏洞源于OTLP HTTP导出器将完整的HTTP响应读入内存字节向量且无大小限制,可能导致在配置的收集器端点被攻击者控制时引发内存耗尽。
CVSS Information
N/A
Vulnerability Type
N/A