Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2024/02/19 12:0 a.m.37 views

Fedora 39 : caddy (2024-22b915e51a)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-22b915e51a advisory. Update to the latest upstream version, which includes a fix for CVE-2023-45142. https://github.com/caddyserver/caddy/releases/tag/v2.7.6 Tenable has extracte...

7.5CVSS8.1AI score0.01364EPSS
Exploits0References2
Amazon
Amazon
added 2024/02/05 12:0 a.m.47 views

Important: cri-tools

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.8AI score0.01364EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/01/31 4:41 p.m.1 views

opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics

A memory exhaustion flaw was found in the otelgrpc handler of open-telemetry. This flaw may allow a remote unauthenticated attacker to flood the peer address and port and exhaust the server's memory by sending multiple malicious requests, affecting the availability of the system...

7.5CVSS7.2AI score0.01592EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
added 2023/11/12 12:0 a.m.65 views

otelgrpc DoS vulnerability due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustio...

7.5CVSS7AI score0.01592EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/10 6:31 p.m.18 views

CVE-2023-47108 DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...

7.5CVSS6AI score0.01592EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/10/16 2:1 p.m.47 views

OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics

Summary This handler wrapper https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.goL63-L65 out of the box adds labels - http.useragent - http.method that have unbound cardinality. It leads to the server...

7.5CVSS7.2AI score0.01364EPSS
Exploits0References11Affected Software7
OSV
OSV
added 2023/10/16 2:1 p.m.24 views

GHSA-RCJV-MGP8-QVMR OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics

Summary This handler wrapper https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.goL63-L65 out of the box adds labels - http.useragent - http.method that have unbound cardinality. It leads to the server...

7.5CVSS8.9AI score0.01364EPSS
Exploits0References11
GitLab Advisory Database
GitLab Advisory Database
added 2023/10/16 12:0 a.m.35 views

Allocation of Resources Without Limits or Throttling

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS6.2AI score0.01364EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2023/10/13 12:27 p.m.26 views

Denial Of Service

opentelemetry-go-contrib is vulnerable to Denial of Service. The handler wrapper adds labels that have unbound cardinality. An attacker can send malicious requests which leads to a memory exhaustion...

7.5CVSS7AI score0.01364EPSS
Exploits0References10Affected Software2
AlpineLinux
AlpineLinux
added 2023/10/12 4:33 p.m.38 views

CVE-2023-45142

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.9AI score0.01364EPSS
Exploits0
Cvelist
Cvelist
added 2023/10/12 4:33 p.m.49 views

CVE-2023-45142 OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

7.5CVSS7.7AI score0.01364EPSS
Exploits0References9
Prion
Prion
added 2023/10/06 2:15 p.m.15 views

Design/Logic Flaw

OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label httpmethod that has unbound cardinality. It...

5CVSS7.5AI score0.00685EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/06 1:53 p.m.14 views

CVE-2023-43810 opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics

OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label httpmethod that has unbound cardinality. It...

7.5CVSS7.1AI score0.00685EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/10/02 11:29 p.m.41 views

opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics

Summary Autoinstrumentation out of the box adds the label httpmethod that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. Details HTTP method for requests can be easily set by an attacker to be random and long. PoC Send many...

7.5CVSS6.8AI score0.00685EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder