{"data":{"id":"27ee3e9f-5236-4cb7-bcfb-0af6ad997fff","title":"GHSA-r6c9-g6q5-qrf9: OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size","summary":"OpenTelemetry eBPF Instrumentation (OBI) has an out-of-bounds read vulnerability: when a CPU mismatch occurs, the code falls back to a 256-byte buffer but still tries to read up to 8KB of data from it, reading beyond the buffer's boundaries and disclosing adjacent memory in telemetry (data about system performance). This happens in the HTTP tracing path when context propagation is enabled and certain conditions are met.","solution":"No mitigation is discussed in the source; this record lists 0.9.0 as the fixed version of go.opentelemetry.io/obi, so upgrading to 0.9.0 or later is the available remediation.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-r6c9-g6q5-qrf9","publishedAt":"2026-05-18T20:11:20.000Z","cveId":"CVE-2026-45681","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["go.opentelemetry.io/obi@< 0.9.0 (fixed: 0.9.0)"],"affectedVendors":[],"affectedVendorsRaw":["OpenTelemetry"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-18T20:11:20.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}