VYPR

Klever Go

by Klever Io

CVEs (6)

  • CVE-2026-44697 | High | May 29, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress (data/batch/batch.go) allows any peer that participates in a topic served by MultiDataInterceptor to allocate…

  • CVE-2026-52878 | High | Jun 5, 2026
    risk 0.38 | cvss | epss 0.00

    Summary: Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator `txVersionChecker.CheckTxVersion` dereferences `tx.RawData.Version` with no nil check. A protobuf…

  • CVE-2026-52879 | High | Jun 5, 2026
    risk 0.38 | cvss | epss 0.00

    Summary: `networkMessenger.directMessageHandler` in `network/p2p/libp2p/netMessenger.go` spawns a fresh goroutine for every incoming direct message before the antiflood layer makes an admission decision. There is no semaphore, throttler, or bound on concurrent in-flight…

  • CVE-2026-47249 | High | Jun 5, 2026
    risk 0.38 | cvss | epss 0.00

    Summary: A connected peer can send a compressed `RequestDataType_HashArrayType` direct request that is only `442` bytes on the wire but expands into `200000` decoded hash entries inside the resolver path. On `klever-go` `v1.7.17`, this allows remote memory and CPU…

  • CVE-2026-49343 | Jun 5, 2026
    risk 0.00 | cvss | epss 0.00

    Summary: The account-data trie syncers leak bounded throttler slots on error paths in `syncDataTrie()`. Each failed trie sync permanently consumes one slot from the `NumGoRoutinesThrottler`, and the slot is never returned unless the sync succeeds or the root hash was…

  • CVE-2026-46403 | May 21, 2026
    risk 0.00 | cvss | epss 0.00

    Publisher note: **Fixed in `v1.7.17`.** Operators running `< v1.7.17` should upgrade. Contract delete and upgrade host-core paths now reject execution when `runtime.ReadOnly()` is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers,…