漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
Vulnerability Description
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Vulnerability Title
OpenTelemetry Collector 安全漏洞
Vulnerability Description
OpenTelemetry Collector是OpenTelemetry项目的一个用于接收、处理和导出遥测数据的软件。 OpenTelemetry Collector存在安全漏洞,该漏洞源于存在不安全的解压漏洞,允许未经身份验证的攻击者通过过度消耗内存来使收集器崩溃。
CVSS Information
N/A
Vulnerability Type
N/A