CVE-2026-44697
Klever · Klever-Go
A remote, unauthenticated denial-of-service vulnerability in Klever-Go's Batch.Decompress function allows attackers to trigger massive heap allocations using small payloads.
Executive summary
A critical unauthenticated denial-of-service vulnerability in the Klever-Go blockchain protocol could allow attackers to crash validator nodes via memory exhaustion.
Vulnerability
This is an improper resource management vulnerability where the Batch.Decompress function fails to validate the decompression ratio of gossip payloads. An attacker can send a payload smaller than 50 KiB that forces the node to allocate gigabytes of heap memory, leading to an Out-of-Memory (OOM) crash.
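As an added example of the missing check described above (not Klever-Go's own code; the advisory does not say which codec Batch.Decompress uses, so gzip is assumed here), a bounded decompressor caps the output before it is materialised, so a small, highly compressible payload cannot force gigabytes onto the heap regardless of what the stream claims:

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrOutputTooLarge is returned when the inflated stream would exceed the cap.
var ErrOutputTooLarge = errors.New("decompressed size exceeds limit")

// DecompressBounded inflates a gzip payload but never materialises more than
// maxOut bytes. io.LimitReader stops the read at the cap, so memory use is
// bounded by maxOut, not by the attacker-controlled expansion ratio.
func DecompressBounded(payload []byte, maxOut int64) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(payload))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	var out bytes.Buffer
	// Read one byte past the cap: if we get it, the stream is oversized.
	n, err := io.Copy(&out, io.LimitReader(zr, maxOut+1))
	if err != nil {
		return nil, err
	}
	if n > maxOut {
		return nil, ErrOutputTooLarge
	}
	return out.Bytes(), nil
}

// compressZeros builds a constructed test payload: n zero bytes gzip-compressed,
// which shrinks by roughly three orders of magnitude (a "small" payload that
// inflates to something much larger, the shape of input the advisory describes).
func compressZeros(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

func main() {
	payload := compressZeros(8 << 20) // 8 MiB of zeros, a few KiB compressed
	fmt.Printf("compressed payload: %d bytes\n", len(payload))
	_, err := DecompressBounded(payload, 1<<20) // 1 MiB cap: rejected
	fmt.Println("with 1 MiB cap:", err)
}
```

The cap should reflect the largest legitimate message the protocol ever expects, so that normal gossip passes and anything beyond it is dropped before allocation.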
Business impact
This vulnerability poses a direct threat to the availability of the Klever blockchain, as it allows unauthenticated remote actors to take down validator nodes. With a CVSS score of 8.6, this is a critical issue that could lead to significant chain instability and service disruption.
Remediation
Immediate Action: Upgrade all Klever-Go node instances to version 1.7.17 or later to patch the Batch.Decompress logic.
Proactive Monitoring: Monitor node heap usage and memory consumption patterns; sudden spikes in memory usage following network gossip activity are indicators of potential exploitation.
Compensating Controls: Implement rate limiting or payload size validation at the network edge if an immediate upgrade is not feasible, though an upgrade is strongly recommended.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given that this vulnerability allows for unauthenticated remote denial-of-service on blockchain validators, it is of the highest priority. All operators of Klever-Go nodes must update to version 1.7.17 without delay to prevent potential network disruption.