3 matches found
CVE-2026-45685
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetr...
CVE-2026-45685 OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetr...
Incorrect Type Conversion or Cast
Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast through the parseOpMessage, parseSections, and parseFirstField functions. An attacker can cause the telemetry agent to crash and disrupt observability by sending specially crafted MongoDB wire messages ...