Lucene search
+L

149 matches found

OSV
OSV
added 2026/04/23 9:43 p.m.40 views

GHSA-G94R-2VXG-569J OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

Summary The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service DoS in the consuming application. Details...

5.3CVSS5.8AI score0.00458EPSS
Exploits0References10
EUVD
EUVD
added 2026/04/23 9:43 p.m.12 views

EUVD-2026-25269

OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers...

5.3CVSS5.7AI score0.00458EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/04/23 9:43 p.m.103 views

OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

Summary The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service DoS in the consuming application. Details...

5.3CVSS5.8AI score0.00458EPSS
Exploits0References10Affected Software2
NVD
NVD
added 2026/04/23 7:17 p.m.9 views

CVE-2026-40894

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

5.3CVSS0.00458EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:3 p.m.4 views

CVE-2026-40894

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

5.3CVSS5.8AI score0.00458EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2026/04/23 6:3 p.m.4 views

CVE-2026-40894 OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators...

5.3CVSS6AI score0.00458EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.5 views

PT-2026-34720

Name of the Vulnerable Software and Affected Versions OpenTelemetry.Api versions 0.5.0-beta.2 through 1.15.2 OpenTelemetry.Extensions.Propagators versions 1.3.1 through 1.15.2 Description Implementation details of the baggage, B3, and Jaeger processing code in the OpenTelemetry.Api and...

5.3CVSS5.2AI score0.00458EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.13 views

OpenTelemetry .NET 安全漏洞

OpenTelemetry .NET is the .NET client of OpenTelemetry developed by OpenTelemetry Inc. There is a security vulnerability in OpenTelemetry .NET, which stems from the implementation details of baggage, B3, and Jaeger handling code. This vulnerability may lead to excessive memory allocation during...

5.3CVSS5.8AI score0.00458EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/04/11 8:3 a.m.10 views

OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)

...

7.5CVSS5.8AI score0.00435EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-29181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value...

7.5CVSS5.8AI score0.00435EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 10:12 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 10:12 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 10:12 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 10:12 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 10:12 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 10:12 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 10:12 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 10:12 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the baggage header extraction process. An attacker can cause excessive CPU and memory allocations by sending numerous baggage header lines, even if each individual value remains...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References2
OSV
OSV
added 2026/04/07 9:17 p.m.1 views

DEBIAN-CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS5.8AI score0.00435EPSS
Exploits1References1
NVD
NVD
added 2026/04/07 9:17 p.m.10 views

CVE-2026-29181

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines...

7.5CVSS0.00435EPSS
Exploits1References5
Rows per page
Query Builder