Description
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.
References
- Patch
- Patch
- Exploit, Third Party Advisory
- Vendor Advisory
- Patch
- Patch
- Exploit, Third Party Advisory
- Vendor Advisory
Vulnerable configurations
One of
EPSS
CVSS3: 8.2 High
CVSS3: 7.5 High
Weaknesses
Related vulnerabilities
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
A vulnerability in the confighttp and configgrpc modules of the OpenTelemetry Collector telemetry data processing software that allows an attacker to cause a denial of service