CVE-2024-36129
HIGH 8.2
Description
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.
CVE Details
CVSS v3.1 score: 8.2
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 6/5/2024
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
opentelemetry:configgrpc
opentelemetry:confighttp
opentelemetry:opentelemetry_collector
Weaknesses (CWE)
CWE-119
References
https://github.com/open-telemetry/opentelemetry-collector/pull/10289 (security-advisories@github.com)
https://github.com/open-telemetry/opentelemetry-collector/pull/10323 (security-advisories@github.com)
https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v (security-advisories@github.com)
https://opentelemetry.io/blog/2024/cve-2024-36129 (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.