go.opentelemetry.io/obi
Go11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting go.opentelemetry.io/obipage 1 of 1
- CVE-2026-41433HIGHCVSS 8.4EG 8.4✓ Fixed in 0.8.02026-04-24
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker controlling a Java workload to overwrite arbi…
- CVE-2026-45676MEDIUMCVSS 5.5EG 5.5✓ Fixed in 0.9.02026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A craft…
- CVE-2026-45678HIGHCVSS 7.5EG 7.5✓ Fixed in 0.9.02026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal name. A crafted …
- CVE-2026-45679MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.9.02026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-con…
- CVE-2026-45680HIGHCVSS 7.5EG 7.5✓ Fixed in 0.9.02026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, t…
- CVE-2026-45681MEDIUMCVSS 5.9EG 5.9✓ Fixed in 0.9.02026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, w…
- CVE-2026-45682MEDIUMCVSS 5.5EG 5.5✓ Fixed in 0.9.02026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-o…
- CVE-2026-45683LOWCVSS 3.8EG 3.8✓ Fixed in 0.9.02026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_probe_read instead of bpf_probe_read_user.…
- CVE-2026-45684MEDIUMCVSS 5.3EG 5.3✓ Fixed in 0.9.02026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using …
- CVE-2026-45685HIGHCVSS 7.5EG 7.5✓ Fixed in 0.9.02026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowi…
- CVE-2026-45686HIGHCVSS 7.5EG 7.5✓ Fixed in 0.9.02026-05-18
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the O…
Check whether go.opentelemetry.io/obi is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for go.opentelemetry.io/obi CVEs against the assets you own.
Start Free Scan →