cve/CVE-2024-36129.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio bc4580b779 Update CVE sources 2024-06-07 04:52

2024-06-07 04:52:01 +00:00

Description

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.

POC

Reference

https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v

Github

No PoCs found on GitHub currently.

1.0 KiB Raw Blame History

CVE-2024-36129

Description

POC

Reference

Github

1.0 KiB

Raw Blame History