Impact
OpenTelemetry eBPF Instrumentation implements a Postgres protocol parser that expects BIND message payloads to contain a valid NUL-terminated portal name. A specially crafted payload that is empty or lacks the terminating NUL can cause the parser to read past the end of the provided buffer, leading to a panic and process crash. This failure disrupts service availability and may allow an attacker to bring the instrumentation component down. The weakness is expressed through CWE-20 (Improper Input Validation) and CWE-754 (Buffer Overread).
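As an added illustration (not code from the OpenTelemetry project), the Go snippet below contrasts a naive NUL scan, which panics on exactly the empty or unterminated payloads described above, with a bounds-checked parser for the portal and statement names that open a Postgres Bind message body; all function and type names are hypothetical.

```go
package main

import (
	"bytes"
	"errors"
)

// ErrMalformed is returned when a Bind payload cannot be parsed safely.
var ErrMalformed = errors.New("malformed postgres Bind payload")

// BindHeader holds the two NUL-terminated strings that open a Bind ('B') body.
type BindHeader struct {
	Portal    string
	Statement string
}

// naiveCString mirrors the unsafe pattern: it scans for a NUL with no bounds
// check, so an empty or unterminated buffer indexes past the end and panics.
func naiveCString(buf []byte) string {
	i := 0
	for buf[i] != 0 { // index out of range when no NUL is present
		i++
	}
	return string(buf[:i])
}

// readCString is the hardened form: it rejects a buffer with no terminator
// and reports how many bytes were consumed (including the NUL).
func readCString(buf []byte) (string, int, error) {
	n := bytes.IndexByte(buf, 0)
	if n < 0 {
		return "", 0, ErrMalformed
	}
	return string(buf[:n]), n + 1, nil
}

// ParseBindHeader parses portal and statement names from a Bind body,
// i.e. the bytes after the 'B' type byte and the int32 length prefix.
func ParseBindHeader(body []byte) (BindHeader, error) {
	portal, used, err := readCString(body)
	if err != nil {
		return BindHeader{}, err
	}
	stmt, _, err := readCString(body[used:])
	if err != nil {
		return BindHeader{}, err
	}
	return BindHeader{Portal: portal, Statement: stmt}, nil
}
```

The constructed inputs `"\x00stmt1\x00"` (unnamed portal, statement `stmt1`), an empty slice and `"portal_without_nul"` show the difference: the naive scan crashes on the last two, while the checked parser returns `ErrMalformed`.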
Affected Systems
The vulnerability affects the open-telemetry:opentelemetry-ebpf-instrumentation product in all releases prior to v0.9.0. Any environment using this eBPF instrumentation with a Postgres backend is potentially impacted until the component is upgraded to version 0.9.0 or later.
Risk and Exploitability
The CVSS score of 7.5 indicates a high severity level. While an EPSS score is not available, the lack of entries in the CISA KEV catalog suggests no known exploit is actively being used. The likely attack vector is network-based: a malicious actor can send a malformed Postgres BIND message to an instrumented database server, triggering the panic. The vulnerability requires network access to the Grok endpoint and the ability to send arbitrary BIND payloads; no local privilege escalation is needed.
OpenCVE Enrichment
GitHub GHSA