PT-2026-3508 · Unknown · Swift-W3C-Trace-Context+1
Czechboy0
Published: 2026-01-19 · Updated: 2026-01-21
CVE-2026-23886
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Swift W3C TraceContext versions prior to 1.0.0-beta.5
Swift OTel versions prior to 1.0.4
Description
A flaw exists in Swift W3C TraceContext and Swift OTel due to insufficient input validation. Processing malformed HTTP headers can lead to a denial-of-service condition, potentially crashing the service. The malformed input arrives as data received over the network, for example when the library is used with an HTTP server. A workaround involves disabling either Swift OTel or the code responsible for extracting trace information from incoming headers.
Recommendations
Update Swift W3C TraceContext to version 1.0.0-beta.5 or later.
Update Swift OTel to version 1.0.4 or later.
As a temporary workaround, disable Swift OTel.
As a temporary workaround, disable the code that extracts trace information from incoming headers.
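The Description attributes the crash to insufficient validation of header data received over the network. The following is an added example, not code from Swift W3C TraceContext or Swift OTel, showing a `traceparent` parser that returns `nil` on malformed input instead of trapping. All type and function names are hypothetical, the header values are constructed samples, only version `00` of the W3C format is handled, and the page does not say which input triggers the flaw, so this illustrates the defensive pattern rather than the actual fix.

```swift
// Added example; all names are hypothetical, not the Swift W3C TraceContext API.
struct ParsedTraceParent { let traceID: [UInt8]; let parentID: [UInt8]; let flags: UInt8 }

/// Decodes exactly `byteCount` bytes of lowercase hex; nil for anything else.
func decodeLowerHex(_ field: Substring.UTF8View, byteCount: Int) -> [UInt8]? {
    guard field.count == byteCount * 2 else { return nil }
    var out: [UInt8] = []
    var high: UInt8? = nil
    for c in field {
        let nibble: UInt8
        switch c {
        case UInt8(ascii: "0")...UInt8(ascii: "9"): nibble = c - UInt8(ascii: "0")
        case UInt8(ascii: "a")...UInt8(ascii: "f"): nibble = c - UInt8(ascii: "a") + 10
        default: return nil  // uppercase, whitespace, non-ASCII bytes
        }
        if let h = high {
            out.append((h << 4) | nibble)
            high = nil
        } else {
            high = nibble
        }
    }
    return out
}

/// Parses a version-00 `traceparent` value. Works on UTF-8 bytes and only
/// indexes after the matching length check, so bad input yields nil.
func parseTraceParent(_ header: String) -> ParsedTraceParent? {
    guard header.utf8.count == 55 else { return nil }  // fixed length for version 00
    let parts = header.utf8.split(separator: UInt8(ascii: "-"), omittingEmptySubsequences: false)
    guard parts.count == 4,
          let version = decodeLowerHex(parts[0], byteCount: 1), version == [0x00],
          let traceID = decodeLowerHex(parts[1], byteCount: 16),
          let parentID = decodeLowerHex(parts[2], byteCount: 8),
          let flags = decodeLowerHex(parts[3], byteCount: 1),
          traceID.contains(where: { $0 != 0 }),    // all-zero trace-id is invalid
          parentID.contains(where: { $0 != 0 })    // all-zero parent-id is invalid
    else { return nil }
    return ParsedTraceParent(traceID: traceID, parentID: parentID, flags: flags[0])
}

// Constructed sample values: the first is well-formed, the rest are malformed.
let samples = [
    "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01",
    "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331",     // missing flags
    "00-0AF7651916CD43DD8448EB211C80319C-b7ad6b7169203331-01",  // uppercase hex
    "00-00000000000000000000000000000000-b7ad6b7169203331-01",  // all-zero trace-id
]
for s in samples { print(parseTraceParent(s) == nil ? "rejected" : "accepted", s.debugDescription) }
```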
Exploit
Fix
DoS
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Swift OTel
Swift-W3C-Trace-Context