Memory Allocation with Excessive Size Value

Overview OpenTelemetry.Exporter.OpenTelemetryProtocol is an OTLP Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the OTLP exporter. An attacker can cause memory exhaustion by configuring a malicious back-end or...

OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path

Summary !IMPORTANT There is no plan to fix this issue as OpenTelemetry.Exporter.Jaeger was deprecated in 2023. It is for informational purposes only. OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the UploadTraces, UploadMetrics, and uploadLogs response-handling paths in exporters/otlp/otlptrace/otlptracehttp/client.go, exporters/otlp/otlpmetric/otlpmetrichttp/client.go, and...

CVE-2026-39882

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...