top of page
perceptive_background_267k.jpg

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assum…

Published:

1 juni 2026 om 22:00:00

Alert date:

2 juni 2026 om 17:02:02

Source:

nvd.nist.gov

Click to open the original link from this advisory

Database & Storage, Security Tools

CVE-2026-45678 affects OpenTelemetry eBPF Instrumentation prior to version 0.9.0. The vulnerability exists in the Postgres protocol parser which incorrectly assumes BIND message payloads contain valid NUL-terminated portal names. Attackers can exploit this by sending crafted empty or unterminated payloads, causing the application to slice beyond the captured buffer boundaries and panic. This buffer overflow condition could lead to denial of service attacks. The issue has been resolved in version 0.9.0 of the OpenTelemetry eBPF Instrumentation package.

Technical details

Mitigation steps:

Affected products:

OpenTelemetry eBPF Instrumentation

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-45678
https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.9.0
https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-pgvv-q3wf-mm9m

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page