Opentelemetry.Resources.Azure
Approved changes feed: RSS · Atom
cpe:2.3:a:opentelemetry:opentelemetry.resources.azure:*:*:*:*:*:.net:*:*
part: a version: * update: *
| Vendor | Opentelemetry (39d78cb4-5c3d-536d-a86d-5fcb2abd36d8) |
|---|---|
| Product | Opentelemetry.Resources.Azure (cc68215c-9caa-5688-bf4c-dac2684812fe) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | .net |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/open-telemetry/opentelemetry-dotnet-contrib |
purl2cpe | 2026-06-01 10:13:47.561171 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-41483 |
vulnerable | 2026-06-03 15:23:36.082457 |
Unbounded HTTP response body read in OpenTelemetry.Resources.Azure
MEDIUM (5.9)
OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker who controls the configured endpoint, or who can intercept traffic to it via a man-in-the-middle attack, can return an arbitrarily large response body. This causes unbounded heap allocation in the consuming process, leading to high transient memory pressure, garbage-collection stalls, or an OutOfMemoryException that terminates the process. As a workaround, disable the Azure VM resource detector or use network-level controls such as firewall rules, mTLS, or a service mesh to prevent man-in-the-middle attacks on the Azure VM instance metadata endpoint. This issue is fixed in version 1.15.1-beta.1, which streams responses rather than buffering them entirely in memory and ignores responses larger than 4 MiB.
Published: 2026-05-06T20:58:33.021Z
Updated: 2026-05-07T13:51:40.022Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.