PT-2026-41782 · Unknown · @Opentelemetry/Instrumentation
Mralias
·
Published
2026-05-18
·
Updated
2026-06-25
·
CVE-2026-45676
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
OpenTelemetry eBPF Instrumentation versions prior to 0.9.0
Description
The replacement ELF parser trusts section offsets, counts, and string offsets from executable files. A crafted local ELF file can cause the agent to dereference invalid section pointers or slice past string tables, leading to a panic while determining the process language. This results in a local denial of service against the telemetry agent, allowing a local user to crash the agent and interrupt observability for other workloads. Technical details include the
matchExeSymbols() function iterating over sections using unvalidated fastelf context, and the GetCStringUnsafe() and ReadStruct() functions performing unsafe slicing and pointer conversion without guarding against out-of-range or negative offsets. Additionally, NewElfContextFromData() trusts Shoff, Shnum, and Phnum from the ELF header without validating offsets.Recommendations
Update to version 0.9.0.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
@Opentelemetry/Instrumentation