{"data":{"id":"8ab5a479-7842-47bd-8663-de21581cd9f4","title":"GHSA-mr8r-92fq-pj8p: OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling","summary":"OpenTelemetry's dotnet implementation has a vulnerability in how it handles gRPC responses during retries. When the server sends a `grpc-status-details-bin` trailer (extra data sent with a response), the code reads a length value from it without checking if that length is reasonable, potentially allowing an attacker to force the application to allocate massive amounts of memory and crash it (a denial of service attack, or DoS). A malicious collector or someone intercepting network traffic could exploit this.","solution":"Pull request #7064 updates `GrpcStatusDeserializer` to validate decoded length-delimited field sizes before allocation by ensuring the requested length is sane and does not exceed the remaining payload. This causes malformed or truncated `grpc-status-details-bin` payloads to fail safely instead of attempting unbounded allocation.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-mr8r-92fq-pj8p","publishedAt":"2026-04-23T21:40:29.000Z","cveId":"CVE-2026-40891","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["OpenTelemetry.Exporter.OpenTelemetryProtocol@>= 1.13.1, < 1.15.3 (fixed: 1.15.3)"],"affectedVendors":[],"affectedVendorsRaw":["OpenTelemetry"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-04-23T21:40:29.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}