CVE-2026-44967
MEDIUM
5,3
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Description
AI Translation Available
OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters (traces/metrics/logs) read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can MITM the exporter connection). This vulnerability is fixed in opentelemetry-cpp release 1.27.0.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0002
Percentile
0,0th
Updated
EPSS Score Trend (Last 6 Days)
789
Memory Allocation with Excessive Size Value
DraftCommon Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Memory)
Applicable Platforms
Languages:
C, C++, Not Language-Specific
Application
Opentelemetry by Opentelemetry
Version Range Affected
To
1.27.0
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:opentelemetry:opentelemetry:*:*:*:*:*:c\+\+:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8r…
https://github.com/open-telemetry/opentelemetry-cpp/issues/3958
https://github.com/open-telemetry/opentelemetry-cpp/pull/4078
https://github.com/open-telemetry/opentelemetry-cpp/security/advisories/GHSA-5q…
https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8r…