Lucene search
+L

7 matches found

osv
osv
added 2026/06/04 5:40 p.m.7 views

GHSA-74M6-4HJP-7226 Klever-Go P2P MultiDataInterceptor leaks global throttler slots on malformed compressed batches (DoS)

Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. The decompression-error path in MultiDataInterceptor.ProcessReceivedMessage now releases the global throttler slot before returning guarded defer after StartProcessing, disabled when the asynchronous goroutine takes...

7.5CVSS5.8AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.7 views

PT-2026-49153

Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. The decompression-error path in MultiDataInterceptor.ProcessReceivedMessage now releases the global throttler slot before returning guarded defer after StartProcessing, disabled when the asynchronous goroutine takes...

7.5CVSS5.6AI score
Exploits0References5
nvd
nvd
added 2026/05/29 6:17 p.m.22 views

CVE-2026-44697

Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on...

8.6CVSS0.0038EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/29 5:14 p.m.12 views

CVE-2026-44697 Klever-Go MultiDataInterceptor: remote OOM via crafted compressed P2P payload

Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on...

8.6CVSS5.8AI score0.0038EPSS
Exploits0References1
euvd
euvd
added 2026/05/29 5:14 p.m.11 views

EUVD-2026-33375

Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on...

8.6CVSS5.8AI score0.0038EPSS
Exploits0References1
osv
osv
added 2026/05/29 5:14 p.m.4 views

CVE-2026-44697 Klever-Go MultiDataInterceptor: remote OOM via crafted compressed P2P payload

Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on...

8.6CVSS6AI score0.0038EPSS
Exploits0References3
github
github
added 2026/05/13 1:36 a.m.12 views

Klever-Go MultiDataInterceptor has remote OOM via crafted compressed P2P payload

Summary A remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on the receiving node from a sub-50 KiB gossip payload. A single packet is...

8.6CVSS5.9AI score0.0038EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder