cve/CVE-2024-36129.md at ba290685fe22de220a539dbecbe46bd650f1a0d5

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio bc4580b779 Update CVE sources 2024-06-07 04:52

2024-06-07 04:52:01 +00:00

Description

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.

POC

Reference

https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v

Github

No PoCs found on GitHub currently.

1.0 KiB Raw Blame History

CVE-2024-36129

Description

POC

Reference

Github

1.0 KiB

Raw Blame History