{"id":"GO-2023-2113","summary":"Memory exhaustion in go.opentelemetry.io/contrib/instrumentation","details":"Memory exhaustion in go.opentelemetry.io/contrib/instrumentation","aliases":["CVE-2023-45142","GHSA-rcjv-mgp8-qvmr"],"modified":"2026-03-17T04:49:03.356680Z","published":"2023-10-16T19:30:55Z","related":["CGA-hgjv-cj3f-pfjf","CVE-2022-21698","CVE-2023-25151","GHSA-5r5m-65gx-7vrh","GHSA-cg3q-j54f-5p7p"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2023-2113","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr"},{"type":"FIX","url":"https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277"}],"affected":[{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful","ecosystem":"Go","purl":"pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["HTTPClientRequest","HTTPServerRequest","httpConv.ClientRequest","httpConv.ServerRequest","httpConv.proto"],"path":"go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful/internal/semconvutil"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-2113.json"}},{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin","ecosystem":"Go","purl":"pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["HTTPClientRequest","HTTPServerRequest","httpConv.ClientRequest","httpConv.ServerRequest","httpConv.proto"],"path":"go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin/internal/semconvutil"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-2113.json"}},{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux","ecosystem":"Go","purl":"pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["HTTPClientRequest","HTTPServerRequest","httpConv.ClientRequest","httpConv.ServerRequest","httpConv.proto"],"path":"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux/internal/semconvutil"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-2113.json"}},{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho","ecosystem":"Go","purl":"pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["HTTPClientRequest","HTTPServerRequest","httpConv.ClientRequest","httpConv.ServerRequest","httpConv.proto"],"path":"go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho/internal/semconvutil"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-2113.json"}},{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron","ecosystem":"Go","purl":"pkg:golang/go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["HTTPClientRequest","HTTPServerRequest","httpConv.ClientRequest","httpConv.ServerRequest","httpConv.proto"],"path":"go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron/internal/semconvutil"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-2113.json"}},{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace","ecosystem":"Go","purl":"pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["HTTPClientRequest","HTTPServerRequest","httpConv.ClientRequest","httpConv.ServerRequest","httpConv.proto"],"path":"go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace/internal/semconvutil"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-2113.json"}},{"package":{"name":"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp","ecosystem":"Go","purl":"pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.44.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["middleware.serveHTTP"],"path":"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-2113.json"}}],"schema_version":"1.7.5"}