CVE-2025-27513

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-27513
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27513.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27513
Published
2025-03-05T19:15:39Z
Modified
2025-03-06T08:45:16.549793Z
Summary
[none]
Details

OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in the OpenTelemetry.Api package, versions 1.10.0 to 1.11.1, could cause a Denial of Service (DoS) when tracestate and traceparent headers are received. Even if an application does not explicitly use trace context propagation, receiving these headers can still trigger high CPU usage. This issue impacts any web-accessible application or backend service that processes HTTP requests containing a tracestate header. Applications may experience excessive resource consumption, leading to increased latency, degraded performance, or downtime. This vulnerability is fixed in 1.11.2.

Affected packages

Git / github.com/open-telemetry/opentelemetry-dotnet

Affected ranges

Type
GIT
Repo
https://github.com/open-telemetry/opentelemetry-dotnet
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.2.0-alpha
0.3.0-beta
0.4.0-beta
0.5.0-beta
0.6.0-beta
0.7.0-beta
0.8.0-beta

1.*

1.0.0-rc1
1.0.0-rc10
1.0.0-rc2
1.0.0-rc3
1.0.0-rc4
1.0.0-rc5
1.0.0-rc6
1.0.0-rc7
1.0.0-rc8
1.0.0-rc9
1.0.0-rc9.1
1.0.0-rc9.10
1.0.0-rc9.11
1.0.0-rc9.12
1.0.0-rc9.13
1.0.0-rc9.14
1.0.0-rc9.2
1.0.0-rc9.3
1.0.0-rc9.4
1.0.0-rc9.5
1.0.0-rc9.6
1.0.0-rc9.7
1.0.0-rc9.8
1.0.0-rc9.9
1.5.0-beta.1
1.5.1-beta.1
1.6.0-beta.1
1.6.0-beta.2
1.6.0-beta.3
1.6.0-rc.1
1.7.0-beta.1

Instrumentation.*

Instrumentation.AspNetCore-1.6.0
Instrumentation.AspNetCore-1.7.0
Instrumentation.AspNetCore-1.7.1
Instrumentation.AspNetCore-1.8.0
Instrumentation.AspNetCore-1.8.1
Instrumentation.GrpcNetClient-1.7.0-beta.1
Instrumentation.GrpcNetClient-1.8.0-beta.1
Instrumentation.Http-1.6.0
Instrumentation.Http-1.7.0
Instrumentation.Http-1.7.1
Instrumentation.Http-1.8.0
Instrumentation.Http-1.8.1
Instrumentation.SqlClient-1.7.0-beta.1
Instrumentation.SqlClient-1.8.0-beta.1

core-1.*

core-1.0.0-rc3
core-1.0.0-rc4
core-1.0.1
core-1.1.0
core-1.1.0-beta1
core-1.1.0-beta2
core-1.1.0-beta3
core-1.1.0-beta4
core-1.1.0-rc1
core-1.10.0
core-1.10.0-beta.1
core-1.10.0-rc.1
core-1.11.0
core-1.11.0-rc.1
core-1.11.1
core-1.2.0
core-1.2.0-alpha1
core-1.2.0-alpha2
core-1.2.0-alpha3
core-1.2.0-alpha4
core-1.2.0-beta1
core-1.2.0-beta2
core-1.2.0-rc1
core-1.2.0-rc2
core-1.2.0-rc3
core-1.2.0-rc4
core-1.2.0-rc5
core-1.3.0
core-1.3.0-beta.1
core-1.3.0-beta.2
core-1.3.0-rc.2
core-1.4.0
core-1.4.0-alpha.1
core-1.4.0-alpha.2
core-1.4.0-beta.1
core-1.4.0-beta.2
core-1.4.0-beta.3
core-1.4.0-rc.1
core-1.4.0-rc.2
core-1.4.0-rc.3
core-1.4.0-rc.4
core-1.5.0
core-1.5.0-alpha.1
core-1.5.0-rc.1
core-1.6.0
core-1.6.0-alpha.1
core-1.6.0-rc.1
core-1.7.0
core-1.7.0-alpha.1
core-1.7.0-rc.1
core-1.8.0
core-1.8.0-beta.1
core-1.8.0-rc.1
core-1.9.0
core-1.9.0-alpha.1
core-1.9.0-rc.1

coreunstable-1.*

coreunstable-1.10.0-beta.1
coreunstable-1.11.0-beta.1
coreunstable-1.9.0-alpha.1
coreunstable-1.9.0-alpha.2
coreunstable-1.9.0-beta.1
coreunstable-1.9.0-beta.2