github.com/klever-io/klever-go
Go7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/klever-io/klever-gopage 1 of 1
- CVE-2026-44697HIGHCVSS 8.6EG 8.62026-05-29
Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress (data/batch/batch.go) allows any peer that participates in a topic served …
- CVE-2026-46403MEDIUMCVSS 6.3EG 6.3✓ Fixed in 1.7.172026-05-21
Klever-Go KVM read-only execution can commit contract delete and upgrade side effects ## Publisher note **Fixed in `v1.7.17`.** Operators running `< v1.7.17` should upgrade. Contract delete and upgrade host-core paths now reject executio…
- CVE-2026-47249HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.182026-06-05
Klever-Go KVM: Hash-array amplification in P2P resolver request handling ### Summary A connected peer can send a compressed `RequestDataType_HashArrayType` direct request that is only `442` bytes on the wire but expands into `200000` deco…
- CVE-2026-49343MEDIUMCVSS 5.9EG 5.9✓ Fixed in 1.7.182026-06-05
Klever-Go KVM: Throttler slot leak in trie account-data sync causes epoch bootstrap / state sync DoS ## Summary The account-data trie syncers leak bounded throttler slots on error paths in `syncDataTrie()`. Each failed trie sync perman…
- CVE-2026-52878HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.182026-06-05
Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt ## Summary Every transaction gossiped on the klever-go P2P network is decode…
- CVE-2026-52879HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.182026-06-05
klever-go: Unbounded goroutine spawn on direct-message ingress enables peer-driven DoS ### Summary `networkMessenger.directMessageHandler` in `network/p2p/libp2p/netMessenger.go` spawns a fresh goroutine for every incoming direct message…
- CVE-2026-52880HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.182026-06-05
klever-go: REST API slow-header connection exhaustion via Gin Engine.Run ### Summary The Klever seednode REST API starts a Gin engine with `Engine.Run(restAPIInterface)`. In Gin v1.9.1, `Engine.Run` calls Go's default `http.ListenAndServ…
Check whether github.com/klever-io/klever-go is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/klever-io/klever-go CVEs against the assets you own.
Start Free Scan →