CVE-2026-45287
NONE
Risk Signal Score: 5/100 (LOW)
EPSS score: 0% (exploit probability, 30 days)
Description
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leak one file descriptor on each successful `ParseFile` call. `ParseFile` opens the schema file and passes it to `Parse` without closing it; repeated parsing in a long-running process can exhaust the process file descriptor limit and cause denial of service. Exploitation depends on a consuming application exposing repeated schema parsing to an attacker-controlled path. Version 0.0.17 contains a patch for the issue.
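The open-without-close pattern described above and its correction, as an added example that is not OpenTelemetry-Go's code: `table`, `handle`, `parseFile`, `run`, the 64-handle limit and the sample file content are constructed, and `io.ReadAll` stands in for the reader-based `Parse`. It goes one step beyond the description by simulating the descriptor limit, so the denial of service shows up as failed parses.

```go
package main

import (
	"fmt"
	"io"
	"strings"
)

// table is a constructed stand-in for the descriptor table: Open fails at limit (EMFILE).
type table struct{ open, limit int }
type handle struct{ io.Reader; t *table }

func (h *handle) Close() error { h.t.open--; return nil }
func (t *table) Open(path string) (io.ReadCloser, error) {
	if t.open >= t.limit {
		return nil, fmt.Errorf("open %s: too many open files", path)
	}
	t.open++
	return &handle{strings.NewReader("file_format: 1.1.0\n"), t}, nil
}

// parseFile opens path and hands it to a reader-based parser, which cannot close it.
// closeFile=false reproduces the leak; closeFile=true is the corrected form.
func parseFile(t *table, path string, closeFile bool) ([]byte, error) {
	f, err := t.Open(path)
	if err != nil {
		return nil, err
	}
	if closeFile {
		defer f.Close() // released on every return path
	}
	return io.ReadAll(f)
}

// run parses n times against a 64-handle limit; it reports failed parses and open handles.
func run(n int, closeFile bool) (failed, open int) {
	t := &table{limit: 64}
	for i := 0; i < n; i++ {
		if _, err := parseFile(t, "schema.yaml", closeFile); err != nil {
			failed++
		}
	}
	return failed, t.open
}

func main() {
	fmt.Println(run(100, false)) // leaky: parses start failing once the limit is hit
	fmt.Println(run(100, true))  // fixed: no failures, no handles left open
}
```

In a real process the same check can be made by comparing the open-descriptor count before and after a batch of parses.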
GitHub Advisories
GHSA-995v-fvrw-c78m (LOW)
opentelemetry-go's Schema ParseFile leaks file descriptors on each parse
go/go.opentelemetry.io/otel/schema/v1.1 → 0.0.17
GitHub Advisory
References
- https://github.com/open-telemetry/opentelemetry-go/commit/e72a235518cb773137efd8...
- https://github.com/open-telemetry/opentelemetry-go/commit/f12d198f161b61735d6570...
- https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v...
- https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v...