HIGH 8.4 CVE-2026-41433 OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR
>= 0.4.0, < 0.8.0
HIGH 7.5 CVE-2026-45686 OpenTelemetry eBPF Instrumentation: Memcached payload length overflow can crash OBI
>= 0.7.0, < 0.9.0
HIGH 7.5 CVE-2026-45685 OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages
from 0, < 0.9.0
HIGH 7.5 OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloads
from 0, < 0.9.0
MEDIUM 6.5 OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages
from 0, < 0.9.0
MEDIUM 5.9 OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size
from 0, < 0.9.0
MEDIUM 5.9 OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU
from 0, < 0.9.0
MEDIUM 5.5 OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent
from 0, < 0.9.0
MEDIUM 5.1 OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals
from 0, < 0.9.0
MEDIUM 4.9 OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers
>= 0.7.0, < 0.9.0
LOW 3.8 OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure
from 0, < 0.9.0