CVE-2026-44697
Deferred Deferred - Pending Action
Denial-of-Service in Klever-Go Blockchain Protocol

Publication date: 2026-05-29

Last updated on: 2026-06-02

Assigner: GitHub, Inc.

Description
Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress (data/batch/batch.go) allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on the receiving node from a sub-50 KiB gossip payload. A single packet is sufficient to OOM-kill a validator with conventional memory provisioning. Fleet-wide application affects chain liveness. This vulnerability is fixed in 1.7.17.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-02
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-44697
EUVD
EUVD-2026-33375
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
klever_io klever_go to 1.7.17 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-409 The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The immediate mitigation step is to upgrade the Klever-Go blockchain client to version 1.7.17 or later, where the vulnerability is fixed.

The fix includes adding a 64 MiB hard ceiling to decompression operations and validating the DataSize field before processing, preventing unbounded memory allocation.

Until the upgrade can be applied, consider restricting or monitoring incoming P2P traffic to detect and block suspicious compressed payloads that could trigger the vulnerability.

Additionally, monitor system logs for OOM events and restart affected nodes promptly to restore chain liveness.

Executive Summary

CVE-2026-44697 is a remote denial-of-service vulnerability in the Klever-Go blockchain client's MultiDataInterceptor component. It occurs in the Batch.Decompress function, which decompresses data without any size limits, allowing an attacker to send a small compressed payload (under 50 KiB) that decompresses into multi-gigabyte memory allocations.

This unbounded decompression causes the target node to run out of memory (OOM), crashing the validator node. The attack bypasses anti-flood protections because checks happen after decompression, and the compressed payload size alone is too small to trigger throttling.

A single specially crafted packet is enough to crash a node, and multiple attackers could crash an entire fleet of validator nodes, disrupting the blockchain's operation.

The vulnerability was fixed in version 1.7.17 by adding a 64 MiB hard limit on decompression size and validating the DataSize field before processing.

Impact Analysis

This vulnerability can cause a remote denial-of-service condition by crashing validator nodes through out-of-memory errors triggered by maliciously crafted compressed payloads.

If you operate or rely on Klever-Go blockchain validators, an attacker can disrupt your node's availability with minimal effort, potentially crashing a single node or an entire fleet of validators.

Such disruptions can affect the liveness and reliability of the blockchain network, leading to service interruptions and loss of trust in the system.

Detection Guidance

This vulnerability can be detected by monitoring for unusually large memory allocations or out-of-memory (OOM) events on nodes running the Klever-Go blockchain client, especially when receiving compressed P2P payloads.

Since the attack involves a sub-50 KiB compressed payload that decompresses into multi-gigabyte heaps, network monitoring tools can be used to inspect incoming P2P packets for suspiciously small but potentially malicious compressed data.

On the system, you can check for OOM kill events in system logs to identify if the node process was terminated due to memory exhaustion.

  • Use commands like `dmesg | grep -i oom` or `journalctl -k | grep -i oom` to find OOM kill logs.
  • Monitor memory usage of the Klever-Go process with `top`, `htop`, or `ps aux --sort=-rss | grep klever-go`.
  • Capture and analyze network traffic on the P2P port using tools like `tcpdump` or `wireshark` to identify suspicious compressed payloads under 50 KiB.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44697. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart