CVE-2023-47108
Discription
A memory exhaustion flaw was found in the otelgrpc handler of open-telemetry. This flaw may allow a remote unauthenticated attacker to flood the peer address and port and exhaust the server's memory by sending multiple malicious requests, affecting the availability of the system. Mitigation As a workaround, use a view removing the attributes. Another possibility is to disable grpc metrics instrumentation by passing otelgrpc.WithMeterProvider option with…Read More
References
Back to Main