CVE-2023-47108
CVE Details
Last Update
10/10/2024
NIST CVE Summary
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent.
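Added example (not from this advisory or from the OpenTelemetry project): a constructed Go model of a metrics aggregator that keeps one series per distinct label set, showing why the two peer labels named above make memory grow with the number of client connections, and that the series count stays bounded once they are dropped before aggregation. The Attrs and Aggregator types, the rpc.method value and the sample addresses are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Attrs is a constructed stand-in for a metric label set (not the OpenTelemetry API).
type Attrs map[string]string

// Aggregator keeps one counter per distinct label set, optionally dropping some keys.
type Aggregator struct {
	drop   map[string]bool
	series map[string]int
}

func NewAggregator(drop ...string) *Aggregator {
	g := &Aggregator{drop: map[string]bool{}, series: map[string]int{}}
	for _, k := range drop {
		g.drop[k] = true
	}
	return g
}

// Record builds a canonical key from the kept labels and counts the call under it.
func (g *Aggregator) Record(a Attrs) {
	parts := []string{}
	for k, v := range a {
		if !g.drop[k] {
			parts = append(parts, k+"="+v)
		}
	}
	sort.Strings(parts)
	g.series[strings.Join(parts, ",")]++
}

// simulate records n unary calls, each from a new source port (constructed input),
// and returns how many series the aggregator now holds in memory.
func simulate(g *Aggregator, n int) int {
	for i := 0; i < n; i++ {
		g.Record(Attrs{"rpc.method": "Check",
			"net.peer.sock.addr": fmt.Sprintf("203.0.113.%d", i%250+1),
			"net.peer.sock.port": fmt.Sprint(1024 + i)})
	}
	return len(g.series)
}

func main() {
	fmt.Println("series with peer labels:", simulate(NewAggregator(), 50000))
	fmt.Println("series with peer labels dropped:",
		simulate(NewAggregator("net.peer.sock.addr", "net.peer.sock.port"), 50000))
}
```

With the peer labels kept, every new source port creates a series that is never released; with them dropped, all calls to the same method share one series.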
Our Official Summary
This CVE exists in vsphere-csi 3.2.0 and kube-controller-manager version 1.28.11. It impacts all vSphere clusters. There is no workaround.
CVE Severity
Status
Ongoing
Affected Products & Versions
- Palette VerteX 4.4.14, 4.4.18, 4.5.3
- Palette Enterprise 4.4.18, 4.5.3
Revision History
- 1.0 08/16/2024 Initial Publication
- 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
- 3.0 09/17/2024 Added Palette VerteX 4.4.18 & Palette Enterprise 4.4.18 to Affected Products
- 4.0 10/10/2024 Added Palette VerteX 4.5.3 & Palette Enterprise 4.5.3 to Affected Products