Go · github.com/klever-io/klever-go · CVE-2026-44697
**Name of the Vulnerable Software and Affected Versions**
Klever-Go versions prior to 1.7.17
**Description**
A remote, unauthenticated denial-of-service vulnerability exists in the `Batch.Decompress` function in `data/batch/batch.go`. Any peer participating in a topic served by `MultiDataInterceptor` can force a receiving node into multi-gigabyte heap allocations with a gossip payload smaller than 50 KiB. The root cause is an unbounded `io.ReadAll` call in `decompressGzip`, combined with missing validation of the `ba.DataSize` field during decompression, so the sender decides how much memory the receiver allocates. A single malicious packet can crash a validator with an out-of-memory (OOM) condition, and a fleet-wide attack can compromise chain liveness.
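The two defects named above, shown side by side as an added example that is not code from klever-go: `DecompressGzipUnbounded` reproduces the `io.ReadAll` pattern, while `Batch.Decompress` checks the declared `DataSize` against a cap before allocating anything, bounds the read with `io.LimitReader`, and rejects a stream whose real length differs from the declared one. The `Batch` shape, the `MaxBatchBytes` cap of 8 MiB, the function names and the zero-filled bomb payload are all assumptions for this illustration, not the project's code or the packet described in the advisory.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// MaxBatchBytes caps how far one batch may expand. The figure is an
// assumption for this example, not a constant taken from klever-go.
const MaxBatchBytes int64 = 8 << 20 // 8 MiB

var (
	ErrTooLarge     = errors.New("decompressed batch exceeds limit")
	ErrSizeMismatch = errors.New("declared DataSize does not match decompressed length")
)

// Batch is a stand-in for the advisory's batch type (assumed shape only):
// DataSize is the sender-declared decompressed length, Data the gzip payload.
type Batch struct {
	DataSize uint64
	Data     []byte
}

// DecompressGzipUnbounded is the pattern the advisory describes: io.ReadAll
// grows its buffer until the stream ends, so the remote peer decides how much
// heap the receiving node allocates.
func DecompressGzipUnbounded(compressed []byte) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

// DecompressGzipBounded reads at most limit+1 bytes; the extra byte tells
// "exactly limit" apart from "more than limit" without draining the stream.
func DecompressGzipBounded(compressed []byte, limit int64) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	out, err := io.ReadAll(io.LimitReader(zr, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > limit {
		return nil, ErrTooLarge
	}
	return out, nil
}

// Decompress checks the declared size against the cap before any allocation,
// bounds decompression at the declared size, and rejects streams that do not
// match it: a longer stream surfaces as ErrTooLarge, a shorter one as ErrSizeMismatch.
func (b *Batch) Decompress() ([]byte, error) {
	if b.DataSize > uint64(MaxBatchBytes) {
		return nil, ErrTooLarge
	}
	out, err := DecompressGzipBounded(b.Data, int64(b.DataSize))
	if err != nil {
		return nil, err
	}
	if uint64(len(out)) != b.DataSize {
		return nil, ErrSizeMismatch
	}
	return out, nil
}

// GzipBytes compresses data at the highest level; it serves both the
// legitimate batch and the constructed bomb below.
func GzipBytes(data []byte) []byte {
	var buf bytes.Buffer
	zw, _ := gzip.NewWriterLevel(&buf, gzip.BestCompression) // valid level, err is nil
	zw.Write(data)                                            // bytes.Buffer cannot fail
	zw.Close()
	return buf.Bytes()
}

// ZipBomb is a constructed malicious payload: n zero bytes, which deflate
// shrinks by roughly 1000:1, so 16 MiB of output rides in about 16 KiB.
func ZipBomb(n int) []byte {
	return GzipBytes(make([]byte, n))
}

func main() {
	bomb := ZipBomb(16 << 20)
	out, _ := DecompressGzipUnbounded(bomb)
	fmt.Printf("%d bytes on the wire; unbounded path allocated %d bytes\n", len(bomb), len(out))
	_, err := (&Batch{DataSize: 16 << 20, Data: bomb}).Decompress()
	fmt.Println("honest DataSize above cap:", err)
	_, err = (&Batch{DataSize: 16, Data: bomb}).Decompress()
	fmt.Println("understated DataSize:", err)
	payload := []byte("legitimate batch payload")
	out, err = (&Batch{DataSize: uint64(len(payload)), Data: GzipBytes(payload)}).Decompress()
	fmt.Printf("legitimate batch: %q err=%v\n", out, err)
}
```

The cap bounds the allocation per message to `MaxBatchBytes` plus one byte, which is what turns a remote OOM into a cheap rejected packet; it does not by itself bound how many such messages a peer may send concurrently, so per-peer rate limiting at the interceptor remains a separate control.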
**Recommendations**
Update to version 1.7.17 or later.