OpenTelemetry eBPF Instrumentation Integer Overflow Vulnerability in Memcached Protocol Parser Leading to Denial-of-Service

Vulnerability

A remote integer overflow vulnerability has been identified in OpenTelemetry eBPF Instrumentation (OBI), affecting versions from 0.7.0 up to, but not including, 0.9.0. The issue lies in OBI's memcached text protocol parser, which accepts excessively large byte values in storage commands without an overflow check. A crafted request can cause the calculated payload length to wrap around to a negative value, triggering a runtime panic that crashes the OBI process. The result is a denial-of-service condition: telemetry collection stops until the process is manually restarted.

Impact

Exploitation of this vulnerability causes a runtime panic that crashes the OBI process, which runs as a privileged instrumentation service. This disruption halts telemetry collection until the process is restarted.

Reproduction

The vulnerability can be reproduced by sending a crafted memcached storage command whose byte value is set to 'math.MaxInt' or 'math.MaxInt-1' from an application that the OBI process is monitoring, for example with a Python script that connects to a memcached server and sends the manipulated command. The OBI process crashes on the unhandled integer overflow, which can be confirmed by checking the process status or logs.
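The overflow described above comes down to one arithmetic step: the parser takes the declared byte count from the storage command header and adds the length of the trailing "\r\n" terminator before using the result as a buffer or slice length. The Go block below is an added illustration, not code from the OBI project; it shows the unchecked pattern next to a hardened header parser that bounds the declared count before any arithmetic. The 1 MiB item cap, the command names and the sample requests are assumptions chosen for the example.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"io"
	"math"
	"strconv"
	"strings"
)

// maxItemSize is an assumed cap on a single memcached value (1 MiB, memcached's
// default item size limit); it is not a value taken from the OBI code base.
const maxItemSize = 1 << 20

// StorageCmd holds the fields of a memcached text-protocol storage command header:
//   <cmd> <key> <flags> <exptime> <bytes> [noreply]\r\n
type StorageCmd struct {
	Cmd   string
	Key   string
	Bytes int // declared length of the data block that follows the header
}

var storageCmds = map[string]bool{
	"set": true, "add": true, "replace": true, "append": true, "prepend": true, "cas": true,
}

// NaivePayloadLen shows the overflow-prone pattern the advisory describes (an
// illustration, not OBI's code): it trusts the declared byte count and adds the
// two bytes of the "\r\n" terminator with no range check, so a count near
// math.MaxInt wraps to a negative length that panics once used as a slice bound.
func NaivePayloadLen(declared int) int {
	return declared + 2
}

// ParseStorageHeader parses one header line and returns the command plus the
// number of bytes to read for the data block (value + "\r\n"). It rejects byte
// counts that are negative, above the item cap, or that would overflow when the
// terminator length is added.
func ParseStorageHeader(line string) (StorageCmd, int, error) {
	fields := strings.Fields(line)
	if len(fields) < 5 || !storageCmds[strings.ToLower(fields[0])] {
		return StorageCmd{}, 0, errors.New("not a memcached storage command")
	}
	declared, err := strconv.Atoi(fields[4])
	if err != nil {
		// Atoi also fails on values that do not fit in int, which blocks
		// oversized decimal strings before any arithmetic happens.
		return StorageCmd{}, 0, fmt.Errorf("bad byte count %q: %w", fields[4], err)
	}
	if declared < 0 || declared > maxItemSize {
		return StorageCmd{}, 0, fmt.Errorf("byte count %d outside 0..%d", declared, maxItemSize)
	}
	// The cap above already makes this unreachable; keep the explicit check so the
	// invariant survives if maxItemSize is ever raised.
	if declared > math.MaxInt-2 {
		return StorageCmd{}, 0, errors.New("byte count would overflow payload length")
	}
	return StorageCmd{Cmd: strings.ToLower(fields[0]), Key: fields[1], Bytes: declared}, declared + 2, nil
}

// ParseRequest reads a header line and its data block from a buffered stream and
// returns the value without its "\r\n" terminator.
func ParseRequest(r *bufio.Reader) (StorageCmd, []byte, error) {
	line, err := r.ReadString('\n')
	if err != nil {
		return StorageCmd{}, nil, err
	}
	cmd, n, err := ParseStorageHeader(strings.TrimRight(line, "\r\n"))
	if err != nil {
		return StorageCmd{}, nil, err
	}
	buf := make([]byte, n) // n is positive and bounded, so this cannot panic
	if _, err := io.ReadFull(r, buf); err != nil {
		return StorageCmd{}, nil, fmt.Errorf("short data block: %w", err)
	}
	if !bytes.HasSuffix(buf, []byte("\r\n")) {
		return StorageCmd{}, nil, errors.New("data block missing \\r\\n terminator")
	}
	return cmd, buf[:n-2], nil
}

func main() {
	// Constructed requests: a normal 5-byte value, then a header declaring math.MaxInt bytes.
	good := "set session:42 0 0 5\r\nhello\r\n"
	cmd, val, err := ParseRequest(bufio.NewReader(strings.NewReader(good)))
	fmt.Printf("good: %+v value=%q err=%v\n", cmd, val, err)

	oversized := "set session:42 0 0 " + strconv.Itoa(math.MaxInt)
	fmt.Println("naive payload length:", NaivePayloadLen(math.MaxInt)) // negative: wrapped
	_, _, err = ParseStorageHeader(oversized)
	fmt.Println("hardened parser:", err)
}
```

The hardened parser rejects the oversized count at the header stage, so a malformed command produces an error the instrumentation can log and skip rather than a panic that takes down the whole process; bounding the declared length against a protocol-appropriate maximum is the check that matters, the explicit `math.MaxInt-2` comparison only documents the invariant.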

Remediation

Users can upgrade to OpenTelemetry eBPF Instrumentation version 0.9.0 or later, where this vulnerability has been patched.

Added: Jun 2, 2026, 4:33 PM
Updated: Jun 2, 2026, 4:33 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 9.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.