CVE-2026-44697

Published: Mag 29, 2026 Last Modified: Mag 29, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,6
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress (data/batch/batch.go) allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on the receiving node from a sub-50 KiB gossip payload. A single packet is sufficient to OOM-kill a validator with conventional memory provisioning. Fleet-wide application affects chain liveness. This vulnerability is fixed in 1.7.17.

409

Improper Handling of Highly Compressed Data (Data Amplification)

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Amplification Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory)
Applicable Platforms
All platforms may be affected
View CWE Details
770

Allocation of Resources Without Limits or Throttling

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
https://github.com/klever-io/klever-go/security/advisories/…
https://github.com/klever-io/klever-go/security/advisories/GHSA-87m7-qffr-542v