4 matches found
GHSA-JC6W-WMFC-FH33 Klever-Go KVM read-only execution can commit contract delete and upgrade side effects
Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. Contract delete and upgrade host-core paths now reject execution when runtime.ReadOnly is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers, and any VM output field that can late...
Klever-Go KVM read-only execution can commit contract delete and upgrade side effects
Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. Contract delete and upgrade host-core paths now reject execution when runtime.ReadOnly is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers, and any VM output field that can late...
PT-2026-42630
Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. Contract delete and upgrade host-core paths now reject execution when runtime.ReadOnly is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers, and any VM output field that can late...
PT-2026-42661
Name of the Vulnerable Software and Affected Versions klever-go versions prior to 1.7.17 Description KVM read-only execution fails to properly isolate state-changing operations. The ExecuteReadOnlyWithTypedArguments function sets the runtime to read-only mode, but the host-core paths for contract...