GHSA-vvmg-8mjr-g6q3: OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers
Tags: medium, vulnerability, security
Summary
OpenTelemetry eBPF Instrumentation (OBI) has a memory safety bug in its log enricher that mishandles writev calls (a system call that writes multiple buffer segments at once). When log injection is enabled, the code reads only the first buffer segment but copies as many bytes as all segments combined, causing it to read and overwrite memory beyond what it should access. This can corrupt application buffers, leak sensitive data into logs, or crash the instrumented process.
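To make the mismatch concrete, the following is an added userspace illustration and not OBI's own code: OBI's enricher runs as eBPF and reads user memory through kernel helpers, which this stands in for with memcpy. It shows the writev shape the summary describes, a check that the first segment is shorter than the combined length (the case where a single read of that length strays outside segment 0), and a per-segment bounded copy of the kind a corrected path would use. The sample segments, MAX_SEGS and all function names are assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <sys/uio.h>

#define MAX_SEGS 8   /* upper bound on segments walked per call (assumed) */

/* Combined length of all segments: the byte count writev reports. The path
 * described in the advisory applied this length to segment 0 alone. */
static size_t writev_total(const struct iovec *iov, int iovcnt) {
    size_t total = 0;
    for (int i = 0; i < iovcnt; i++) total += iov[i].iov_len;
    return total;
}

/* 1 if segment 0 is shorter than the combined length, i.e. reading `total`
 * bytes from iov[0].iov_base would leave that segment's buffer. */
static int first_segment_overread(const struct iovec *iov, int iovcnt) {
    return iovcnt > 0 && iov[0].iov_len < writev_total(iov, iovcnt);
}

/* Bounded alternative: copy each segment with its own length and never more
 * than dst_cap bytes in total. Returns the number of bytes copied. */
static size_t copy_writev_bounded(const struct iovec *iov, int iovcnt,
                                  char *dst, size_t dst_cap) {
    size_t used = 0;
    if (iovcnt > MAX_SEGS) iovcnt = MAX_SEGS;
    for (int i = 0; i < iovcnt && used < dst_cap; i++) {
        size_t n = iov[i].iov_len;
        if (n > dst_cap - used) n = dst_cap - used;  /* clamp to space left */
        memcpy(dst + used, iov[i].iov_base, n);
        used += n;
    }
    return used;
}

/* Constructed sample: one log line emitted as three writev segments
 * (timestamp, level, message), 21 + 5 + 18 = 44 bytes in total. */
static char seg0[] = "2026-05-18T20:00:00Z ";
static char seg1[] = "INFO ";
static char seg2[] = "request completed\n";
#define SAMPLE_IOV { { .iov_base = seg0, .iov_len = sizeof seg0 - 1 }, \
                     { .iov_base = seg1, .iov_len = sizeof seg1 - 1 }, \
                     { .iov_base = seg2, .iov_len = sizeof seg2 - 1 } }

static size_t demo_total(void) { struct iovec v[3] = SAMPLE_IOV; return writev_total(v, 3); }
static int demo_overread(void) { struct iovec v[3] = SAMPLE_IOV; return first_segment_overread(v, 3); }

/* Copies the sample into a buffer of capacity `cap` (at most 64) and returns 1
 * if the result is exactly the joined line truncated to `cap` bytes. */
static int demo_copy_ok(size_t cap) {
    char dst[64]; struct iovec v[3] = SAMPLE_IOV;
    const char *joined = "2026-05-18T20:00:00Z INFO request completed\n";
    if (cap > sizeof dst) return 0;
    size_t n = copy_writev_bounded(v, 3, dst, cap);
    return n == (cap < 44 ? cap : 44) && memcmp(dst, joined, n) == 0;
}
```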
Vulnerability Details
EPSS (30-day exploit probability): 0.0%
Patch Available: Yes
Disclosure Date: May 18, 2026
Classification: Attack Sophistication: Moderate
Affected Packages: go.opentelemetry.io/obi >= 0.7.0, < 0.9.0 (fixed: 0.9.0)
Original source: https://github.com/advisories/GHSA-vvmg-8mjr-g6q3
First tracked: May 18, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%