{"schema_version":"1.3.1","id":"GO-2023-2113","modified":"2024-05-20T16:03:47Z","published":"2023-10-16T19:30:55Z","aliases":["CVE-2023-45142","GHSA-rcjv-mgp8-qvmr"],"related":["CVE-2022-21698","CVE-2023-25151","GHSA-5r5m-65gx-7vrh","GHSA-cg3q-j54f-5p7p"],"summary":"Memory exhaustion in go.opentelemetry.io/contrib/instrumentation","details":"Memory exhaustion in go.opentelemetry.io/contrib/instrumentation","affected":[{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"path":"go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconvutil","symbols":["HTTPClientRequest","HTTPServerRequest","httpConv.ClientRequest","httpConv.ServerRequest","httpConv.proto"]}]}},{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"path":"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconvutil","symbols":["HTTPClientRequest","HTTPServerRequest","httpConv.ClientRequest","httpConv.ServerRequest","httpConv.proto"]}]}},{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"path":"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux/internal/semconvutil","symbols":["HTTPClientRequest","HTTPServerRequest","httpConv.ClientRequest","httpConv.ServerRequest","httpConv.proto"]}]}},{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"path":"go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho/internal/semconvutil","symbols":["HTTPClientRequest","HTTPServerRequest","httpConv.ClientRequest","httpConv.ServerRequest","httpConv.proto"]}]}},{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"path":"go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron/internal/semconvutil","symbols":["HTTPClientRequest","HTTPServerRequest","httpConv.ClientRequest","httpConv.ServerRequest","httpConv.proto"]}]}},{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"path":"go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace/internal/semconvutil","symbols":["HTTPClientRequest","HTTPServerRequest","httpConv.ClientRequest","httpConv.ServerRequest","httpConv.proto"]}]}},{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp","ecosystem":"Go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"path":"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp","symbols":["middleware.serveHTTP"]}]}}],"references":[{"type":"ADVISORY","url":"https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"},{"type":"FIX","url":"https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277"}],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2023-2113","review_status":"REVIEWED"}}