GHSA-q834-8qmm-v933: OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies
Summary
The OpenTelemetry .NET OTLP exporter (the component that sends telemetry data, that is, information about how software is performing) reads error response bodies from the server with no limit on size. If an attacker controls the server or intercepts the connection, an oversized response can exhaust the application's available memory and crash it.
Solution / Mitigation
PR #7017 updates the OTLP exporter to limit response body reads to 4 MiB (mebibytes) in error conditions and to attempt to read the response body only when OpenTelemetry error logging is enabled.
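The two controls described above (a 4 MiB cap and reading the body only when error logging is on), sketched as an added C# example; this is not the code from PR #7017 or from the OpenTelemetry project. The names `BoundedErrorBody`, `ReadCappedAsync`, `DescribeFailureAsync` and the `errorLoggingEnabled` flag are hypothetical, and .NET 5 or later is assumed.

```csharp
#nullable enable
using System;
using System.IO;
using System.Net.Http;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

// Added illustration; hypothetical names, not the OpenTelemetry .NET implementation.
public static class BoundedErrorBody
{
    public const int MaxErrorBodyBytes = 4 * 1024 * 1024; // 4 MiB cap from the advisory

    // Reads at most maxBytes from the stream and reports whether more data remained.
    public static async Task<(string Text, bool Truncated)> ReadCappedAsync(
        Stream body, int maxBytes, CancellationToken ct = default)
    {
        if (maxBytes <= 0) throw new ArgumentOutOfRangeException(nameof(maxBytes));
        var buffer = new byte[Math.Min(maxBytes, 81920)];
        using var collected = new MemoryStream();
        while (collected.Length < maxBytes)
        {
            // Never request more than the remaining budget.
            int want = (int)Math.Min(buffer.Length, maxBytes - collected.Length);
            int read = await body.ReadAsync(buffer.AsMemory(0, want), ct);
            if (read == 0) return (Encoding.UTF8.GetString(collected.ToArray()), false);
            collected.Write(buffer, 0, read);
        }
        // Cap reached: probe one byte to tell "exactly maxBytes" from "more pending".
        bool more = await body.ReadAsync(buffer.AsMemory(0, 1), ct) > 0;
        return (Encoding.UTF8.GetString(collected.ToArray()), more);
    }

    // errorLoggingEnabled stands in for the exporter's own logging check (assumption).
    public static async Task<string?> DescribeFailureAsync(HttpClient client,
        HttpRequestMessage request, bool errorLoggingEnabled, CancellationToken ct = default)
    {
        // ResponseHeadersRead keeps HttpClient from buffering the whole body up front.
        using var response = await client.SendAsync(
            request, HttpCompletionOption.ResponseHeadersRead, ct);
        // Success, or nobody will log the body: never touch the response stream.
        if (response.IsSuccessStatusCode || !errorLoggingEnabled) return null;
        await using var stream = await response.Content.ReadAsStreamAsync(ct);
        var (text, truncated) = await ReadCappedAsync(stream, MaxErrorBodyBytes, ct);
        return $"HTTP {(int)response.StatusCode}: {text}{(truncated ? " [truncated]" : "")}";
    }
}
```

`ReadCappedAsync` can be exercised offline by passing a `MemoryStream` larger than the cap and checking that `Truncated` is true and the returned text stops at the cap.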
Vulnerability Details
EPSS: 0.0%
April 23, 2026
Original source: https://github.com/advisories/GHSA-q834-8qmm-v933
First tracked: April 23, 2026 at 08:00 PM