Dismissed
by @mweinelt Activity log
- Created automatic suggestion
- @mweinelt dismissed
OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding
OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. Remote attackers can supply oversized base64 payloads to cause memory pressure and denial of service.
References
-
GitHub Security Advisory (GHSA-w2cg-vxx6-5xjg) vendor-advisory
-
Patch Commit patch
Affected products
OpenClaw
- <2026.2.14
Package maintainers
-
@chrisportela Chris Portela <chris@chrisportela.com>