High severity8.2NVD Advisory· Published Jun 5, 2024· Updated Jun 17, 2026
CVE-2024-36129
CVE-2024-36129
Description
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
go.opentelemetry.io/collector/config/confighttpGo | < 0.102.0 | 0.102.0 |
go.opentelemetry.io/collector/config/configgrpcGo | < 0.102.1 | 0.102.1 |
Affected products
56- osv-coords55 versionspkg:apk/chainguard/datadog-agentpkg:apk/chainguard/datadog-agent-core-integrationspkg:apk/chainguard/datadog-agent-core-integrations-fipspkg:apk/chainguard/datadog-agent-fakeintakepkg:apk/chainguard/datadog-agent-fakeintake-fipspkg:apk/chainguard/datadog-agent-fipspkg:apk/chainguard/datadog-agent-jmxpkg:apk/chainguard/datadog-agent-jmx-fipspkg:apk/chainguard/datadog-agent-oci-compatpkg:apk/chainguard/datadog-agent-oci-compat-fipspkg:apk/chainguard/datadog-agent-s6-overlaypkg:apk/chainguard/datadog-agent-s6-overlay-fipspkg:apk/chainguard/datadog-cluster-agentpkg:apk/chainguard/datadog-cluster-agent-fipspkg:apk/chainguard/datadog-cluster-agent-oci-compatpkg:apk/chainguard/datadog-cluster-agent-oci-compat-fipspkg:apk/chainguard/dogstatsdpkg:apk/chainguard/opentelemetry-collectorpkg:apk/chainguard/opentelemetry-collector-compatpkg:apk/chainguard/opentelemetry-collector-contribpkg:apk/chainguard/opentelemetry-collector-contrib-compatpkg:apk/chainguard/opentelemetry-collector-contrib-fipspkg:apk/chainguard/opentelemetry-collector-fipspkg:apk/chainguard/opentelemetry-collector-ocbpkg:apk/chainguard/opentelemetry-collector-ocb-fipspkg:apk/chainguard/tempopkg:apk/chainguard/tempo-clipkg:apk/chainguard/tempo-fipspkg:apk/chainguard/tempo-fips-clipkg:apk/chainguard/tempo-fips-querypkg:apk/chainguard/tempo-fips-vulturepkg:apk/chainguard/tempo-querypkg:apk/chainguard/tempo-vulturepkg:apk/wolfi/datadog-agentpkg:apk/wolfi/datadog-agent-core-integrationspkg:apk/wolfi/datadog-agent-fakeintakepkg:apk/wolfi/datadog-agent-jmxpkg:apk/wolfi/datadog-agent-oci-compatpkg:apk/wolfi/datadog-agent-s6-overlaypkg:apk/wolfi/datadog-cluster-agentpkg:apk/wolfi/datadog-cluster-agent-oci-compatpkg:apk/wolfi/dogstatsdpkg:apk/wolfi/opentelemetry-collectorpkg:apk/wolfi/opentelemetry-collector-compatpkg:apk/wolfi/opentelemetry-collector-contribpkg:apk/wolfi/opentelemetry-collector-contrib-compatpkg:apk/wolfi/opentelemetry-collector-ocbpkg:apk/wolfi/tempopkg:apk/wolfi/tempo-clipkg:apk/wolfi/tempo-querypkg:apk/wolfi/tempo-vulturepkg:bitnami/opentelemetry-collectorpkg:golang/go.opentelemetry.io/collector/config/configgrpcpkg:golang/go.opentelemetry.io/collector/config/confighttppkg:rpm/opensuse/alloy&distro=openSUSE%20Tumbleweed
< 7.54.0-r3+ 54 more
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r4
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r4
- (no CPE)range: < 7.54.0-r4
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r4
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r4
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r4
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r4
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r4
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 0.102.1-r0
- (no CPE)range: < 0.102.1-r0
- (no CPE)range: < 0.102.0-r2
- (no CPE)range: < 0.102.0-r2
- (no CPE)range: < 0.101.0-r2
- (no CPE)range: < 0.102.1-r0
- (no CPE)range: < 0.102.1-r0
- (no CPE)range: < 0.102.1-r0
- (no CPE)range: < 2.5.0-r3
- (no CPE)range: < 2.5.0-r3
- (no CPE)range: < 2.6.0-r0
- (no CPE)range: < 2.6.0-r0
- (no CPE)range: < 2.6.0-r0
- (no CPE)range: < 2.6.0-r0
- (no CPE)range: < 2.5.0-r3
- (no CPE)range: < 2.5.0-r3
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 7.54.0-r3
- (no CPE)range: < 0.102.1-r0
- (no CPE)range: < 0.102.1-r0
- (no CPE)range: < 0.102.0-r2
- (no CPE)range: < 0.102.0-r2
- (no CPE)range: < 0.102.1-r0
- (no CPE)range: < 2.5.0-r3
- (no CPE)range: < 2.5.0-r3
- (no CPE)range: < 2.5.0-r3
- (no CPE)range: < 2.5.0-r3
- (no CPE)range: < 0.102.1
- (no CPE)range: < 0.102.1
- (no CPE)range: < 0.102.0
- (no CPE)range: < 1.4.3-1.1
- Range: < 0.102.1
Patches
Vulnerability mechanics
References
7- github.com/open-telemetry/opentelemetry-collector/pull/10289nvdPatchWEB
- github.com/open-telemetry/opentelemetry-collector/pull/10323nvdPatchWEB
- github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4vnvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-c74f-6mfw-mm4vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-36129ghsaADVISORY
- opentelemetry.io/blog/2024/cve-2024-36129nvdVendor AdvisoryWEB
- pkg.go.dev/vuln/GO-2024-2900ghsaWEB
News mentions
0No linked articles in our index yet.