Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decomp…

A critical denial-of-service vulnerability in Klever-Go blockchain protocol implementation prior to version 1.7.17. The vulnerability exists in the Batch.Decompress function and allows remote, unauthenticated attackers to cause memory exhaustion. Attackers can send small gossip payloads (under 50 KiB) that force receiving nodes to allocate multi-gigabyte heaps. A single malicious packet can trigger out-of-memory conditions on validators with standard memory configurations. Fleet-wide exploitation can compromise entire blockchain network liveness. The vulnerability has been patched in version 1.7.17.