VYPR
High severity8.2NVD Advisory· Published Jun 5, 2024· Updated Jun 17, 2026

CVE-2024-36129

CVE-2024-36129

Description

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
go.opentelemetry.io/collector/config/confighttpGo
< 0.102.00.102.0
go.opentelemetry.io/collector/config/configgrpcGo
< 0.102.10.102.1

Affected products

56

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.