PT-2026-41789 · Unknown · @Opentelemetry/Instrumentation
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
OpenTelemetry eBPF Instrumentation versions 0.7.0 through 0.8.x
Description
The log enricher mishandles
writev buffers by reading only the first iovec entry while using the total iov iter.count as the copy length. When log injection is enabled, a crafted multi-segment writev call can cause the software to read and overwrite memory beyond the first segment. This occurs because the fill iov() function resolves only one struct iovec, but the write() function uses the total byte count across all segments. This memory safety flaw can lead to the corruption of adjacent application buffers, memory leakage into log events, or process instability.Recommendations
Update to version 0.9.0.
As a temporary workaround, disable the log injection feature to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Buffer Over-read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
@Opentelemetry/Instrumentation