CVE-2026-44697
Status: Received - Intake
Denial-of-Service in Klever-Go Blockchain Protocol

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: GitHub, Inc.

Description
Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress (data/batch/batch.go) allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on the receiving node from a sub-50 KiB gossip payload. A single packet is sufficient to OOM-kill a validator with conventional memory provisioning; applied fleet-wide, the attack affects chain liveness. This vulnerability is fixed in 1.7.17.
Affected Vendors & Products
Vendor: klever_io
Product: klever_go
Version / Range: up to 1.7.17 (exclusive)
CWE
CWE-770: The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
CWE-409: The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the Klever-Go blockchain client to version 1.7.17 or later, where the vulnerability is fixed.

The fix includes adding a 64 MiB hard ceiling to decompression operations and validating the DataSize field before processing, preventing unbounded memory allocation.

Until the upgrade can be applied, note that the analysis below states the compressed payload is too small to trigger size-based throttling, so filtering inbound P2P traffic by packet size will not help. Interim options reduce exposure rather than inspect payloads: restrict inbound P2P connections to known peers where the deployment allows it, and cap the node's memory at the OS level (a cgroup limit such as systemd's MemoryMax= on the service unit) so that a bomb kills only the node process, which a supervisor can restart, rather than taking the whole host down.

Additionally, monitor kernel logs for OOM-kill events and restart affected nodes promptly to restore chain liveness. A restart alone does not stop an attacker who simply resends the payload; repeated kills of the same node are the signal that the patch, not another restart, is what is needed.


Can you explain this vulnerability to me?

CVE-2026-44697 is a remote denial-of-service vulnerability in the Klever-Go blockchain client's MultiDataInterceptor component. It occurs in the Batch.Decompress function, which decompresses data without any size limits, allowing an attacker to send a small compressed payload (under 50 KiB) that decompresses into multi-gigabyte memory allocations.

This unbounded decompression causes the target node to run out of memory (OOM), crashing the validator node. The attack bypasses anti-flood protections because checks happen after decompression, and the compressed payload size alone is too small to trigger throttling.

A single specially crafted packet is enough to crash a node, and sending it to every reachable validator can take down a whole fleet, halting the chain.

The vulnerability was fixed in version 1.7.17 by adding a 64 MiB hard limit on decompression size and validating the DataSize field before processing.
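As an added illustration, not code from Klever-Go (the real Batch type, wire format and codec in data/batch/batch.go are not reproduced here), the following Go program puts the pre-fix pattern next to a bounded decoder of the kind the fix describes. It assumes a toy envelope of a 4-byte big-endian DataSize header followed by a gzip stream; the 64 MiB ceiling is taken from the advisory. gzip/deflate tops out near 1000:1, so the 70 MiB bomb here is roughly 70 KiB on the wire; a codec with a higher ratio gives the multi-gigabyte-from-50-KiB case on the page, but the mechanism and the defence are the same.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// MaxDecompressedSize is the hard ceiling the fix is described as adding (64 MiB).
const MaxDecompressedSize = 64 << 20

var (
	ErrShortEnvelope = errors.New("batch: envelope shorter than header")
	ErrOversized     = errors.New("batch: declared DataSize exceeds ceiling")
	ErrSizeMismatch  = errors.New("batch: stream length does not match DataSize")
)

// encodeStream builds the assumed (hypothetical) envelope: 4-byte big-endian
// DataSize, then a gzip stream produced by fill. The header is whatever the
// caller claims, which is exactly the attacker's position on the wire.
func encodeStream(declared uint32, fill func(io.Writer) error) ([]byte, error) {
	var buf bytes.Buffer
	hdr := make([]byte, 4)
	binary.BigEndian.PutUint32(hdr, declared)
	buf.Write(hdr)
	zw := gzip.NewWriter(&buf)
	if err := fill(zw); err != nil {
		return nil, err
	}
	if err := zw.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// Encode wraps an honest payload with a correct DataSize.
func Encode(payload []byte) ([]byte, error) {
	return encodeStream(uint32(len(payload)), func(w io.Writer) error {
		_, err := w.Write(payload)
		return err
	})
}

// MakeBomb builds a constructed attack envelope whose gzip stream expands to
// expandTo bytes of zeros while the header claims `declared` bytes. Zeros are
// the cheapest high-ratio filler; the sender never holds expandTo bytes.
func MakeBomb(expandTo int, declared uint32) ([]byte, error) {
	return encodeStream(declared, func(w io.Writer) error {
		chunk := make([]byte, 1<<20)
		for written := 0; written < expandTo; written += len(chunk) {
			n := len(chunk)
			if expandTo-written < n {
				n = expandTo - written
			}
			if _, err := w.Write(chunk[:n]); err != nil {
				return err
			}
		}
		return nil
	})
}

// DecompressUnbounded reproduces the pre-fix pattern: the header is ignored and
// the stream is read to EOF, so the allocation is whatever the sender chose.
// Kept only to show the failure mode; never call it on peer input.
func DecompressUnbounded(env []byte) ([]byte, error) {
	if len(env) < 4 {
		return nil, ErrShortEnvelope
	}
	zr, err := gzip.NewReader(bytes.NewReader(env[4:]))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

// DecompressBounded is the hardened form: reject an over-ceiling DataSize before
// opening the stream, then never read more than DataSize+1 bytes, so a header
// that under-reports the true size is caught at the limit rather than at OOM.
func DecompressBounded(env []byte) ([]byte, error) {
	if len(env) < 4 {
		return nil, ErrShortEnvelope
	}
	declared := binary.BigEndian.Uint32(env[:4])
	if declared > MaxDecompressedSize {
		return nil, ErrOversized
	}
	zr, err := gzip.NewReader(bytes.NewReader(env[4:]))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	out, err := io.ReadAll(io.LimitReader(zr, int64(declared)+1))
	if err != nil {
		return nil, err
	}
	if len(out) != int(declared) {
		return nil, ErrSizeMismatch
	}
	return out, nil
}

func main() {
	// Honest header: 70 MiB declared, stream really expands to 70 MiB of zeros.
	bomb, _ := MakeBomb(70<<20, 70<<20)
	fmt.Printf("wire size: %d bytes\n", len(bomb))
	out, err := DecompressUnbounded(bomb)
	fmt.Printf("unbounded: allocated %d bytes, err=%v\n", len(out), err)
	_, err = DecompressBounded(bomb)
	fmt.Printf("bounded:   err=%v\n", err)
	// Lying header: claims 1 KiB, stream still expands to 70 MiB.
	liar, _ := MakeBomb(70<<20, 1024)
	_, err = DecompressBounded(liar)
	fmt.Printf("lying header: err=%v\n", err)
}
```

The bounded decoder rejects the honest bomb at the header, before a single byte is inflated, and the lying header at DataSize+1 bytes, while the unbounded decoder allocates all 70 MiB. The order matters: header check, then a limited reader, then an exact-length comparison. Capping reads alone would still let any peer force a 64 MiB allocation per message, so a per-peer or per-topic budget on top of the ceiling is still worth having.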


How can this vulnerability impact me?

This vulnerability can cause a remote denial-of-service condition by crashing validator nodes through out-of-memory errors triggered by maliciously crafted compressed payloads.

If you operate or rely on Klever-Go blockchain validators, an attacker can disrupt your node's availability with minimal effort, potentially crashing a single node or an entire fleet of validators.

Such disruptions can affect the liveness and reliability of the blockchain network, leading to service interruptions and loss of trust in the system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unusually large memory allocations or out-of-memory (OOM) events on nodes running the Klever-Go blockchain client, especially when receiving compressed P2P payloads.

The compressed payload is under 50 KiB and arrives over the ordinary gossip channel, so by size alone it is indistinguishable from legitimate traffic; packet-level inspection is a weak detection signal. The reliable indicators are host-side: a sudden jump in the node's resident memory followed by an OOM kill, correlated where possible with the peers the node was receiving from at that moment.

On the system, you can check for OOM kill events in system logs to identify if the node process was terminated due to memory exhaustion.

  • Use commands like `dmesg | grep -i oom` or `journalctl -k | grep -i oom` to find OOM kill logs.
  • Monitor memory usage of the Klever-Go process with `top`, `htop`, or `ps aux --sort=-rss | grep klever-go`.
  • Capturing P2P traffic with `tcpdump` or `wireshark` is of limited use here: a sub-50 KiB message looks like normal gossip, and classifying the compressed body means decompressing it, which is the dangerous operation. If you capture at all, do it to record which peers were connected just before an OOM kill, not to classify payloads.
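As an added example, not from Klever-Go or any of its tooling, this Go program turns the `dmesg` / `journalctl -k` check above into something that can be run on a host: it parses the kernel's OOM-kill lines, filters to the node process, and flags the kill-restart-kill pattern that distinguishes a remotely triggered crash from an ordinary leak. The sample log lines are constructed, and the process name `klever-go` is assumed, as it is on this page.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
	"strconv"
	"strings"
)

// OOMKill is one kernel OOM-killer event as it appears in `dmesg` or
// `journalctl -k` output.
type OOMKill struct {
	Uptime float64 // seconds since boot from the dmesg "[ n.nnn]" prefix; 0 if absent
	PID    int
	Name   string // kernel comm field, truncated by the kernel to 15 characters
	RSSKiB int    // anon-rss at the moment of the kill
}

// oomRe matches the kernel's "Killed process <pid> (<comm>) ... anon-rss:<n>kB"
// line, with or without the dmesg uptime prefix (journalctl prints a wall-clock
// prefix instead, which the leading .* skips; Uptime is then 0).
var oomRe = regexp.MustCompile(`^(?:\[\s*([0-9.]+)\])?.*Killed process (\d+) \(([^)]+)\).*?anon-rss:(\d+)kB`)

// ParseOOMKills returns every OOM-kill event found in raw kernel log text.
func ParseOOMKills(log string) []OOMKill {
	var events []OOMKill
	for _, line := range strings.Split(log, "\n") {
		m := oomRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		up, _ := strconv.ParseFloat(m[1], 64) // empty prefix parses to 0
		pid, _ := strconv.Atoi(m[2])
		rss, _ := strconv.Atoi(m[4])
		events = append(events, OOMKill{Uptime: up, PID: pid, Name: m[3], RSSKiB: rss})
	}
	return events
}

// KillsOf keeps the events whose comm contains name (substring match, because
// the kernel truncates long binary names).
func KillsOf(events []OOMKill, name string) []OOMKill {
	var out []OOMKill
	for _, e := range events {
		if strings.Contains(e.Name, name) {
			out = append(out, e)
		}
	}
	return out
}

// RepeatedWithin reports whether two consecutive kills fall inside windowSec.
// A node that is killed, restarted by its supervisor and killed again within
// minutes is being fed the payload repeatedly, not leaking on its own.
func RepeatedWithin(events []OOMKill, windowSec float64) bool {
	for i := 1; i < len(events); i++ {
		if events[i].Uptime-events[i-1].Uptime <= windowSec {
			return true
		}
	}
	return false
}

// Constructed sample in the kernel's OOM-kill log format; not from a real host.
const sampleLog = `[ 9012.334455] klever-go invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[ 9012.334999] Out of memory: Killed process 4242 (klever-go) total-vm:12582912kB, anon-rss:7340032kB, file-rss:0kB, shmem-rss:0kB, UID:1000 pgtables:14000kB oom_score_adj:0
[ 9300.100000] Out of memory: Killed process 4310 (klever-go) total-vm:12600000kB, anon-rss:7400000kB, file-rss:0kB, shmem-rss:0kB, UID:1000 pgtables:14100kB oom_score_adj:0
[ 9900.000000] Out of memory: Killed process 777 (firefox) total-vm:5000000kB, anon-rss:2000000kB, file-rss:0kB, shmem-rss:0kB, UID:1001 pgtables:9000kB oom_score_adj:300`

func main() {
	// With a file argument, scan captured kernel log output; otherwise the sample.
	log := sampleLog
	if len(os.Args) > 1 {
		b, err := os.ReadFile(os.Args[1])
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
		log = string(b)
	}
	kills := KillsOf(ParseOOMKills(log), "klever-go")
	for _, k := range kills {
		fmt.Printf("t=%.0fs pid=%d comm=%s anon-rss=%d MiB\n", k.Uptime, k.PID, k.Name, k.RSSKiB/1024)
	}
	fmt.Println("repeated within 10 min:", RepeatedWithin(kills, 600))
}
```

To run it against a real host, save the kernel ring buffer first (`dmesg > /tmp/kernel.log`) and pass the file as the argument. The anon-rss value at kill time is the useful number: a node whose resident set is several GiB above its normal working set when it dies, twice in a few minutes, is the profile this advisory describes.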

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

