DEV Community

CVE Reports

Originally published at cvereports.com

GHSA-RXXP-482V-7MRH: Memory Exhaustion via Unbounded Media Buffering in OpenClaw


Vulnerability ID: GHSA-RXXP-482V-7MRH
CVSS Score: 6.5
Published: 2026-03-02

OpenClaw, an open-source personal AI assistant framework, contains a Denial of Service (DoS) vulnerability in multiple messaging channel extensions (including Discord, Telegram, and Microsoft Teams). The vulnerability arises from improper handling of inbound media attachments: the application buffers the entire content of a remote file into memory before verifying its size against the configured limits. This 'sink-then-check' behavior allows remote attackers to trigger an Out-of-Memory (OOM) condition and crash the Node.js process by sending a sufficiently large file or a continuous data stream, since the size check is never reached while the body is still being read.

TL;DR

OpenClaw extensions download full media files into RAM before checking size limits. Attackers can crash the service by sending large files (DoS). Fixed versions enforce limits during the download stream.

⚠️ Exploit Status: PoC

Technical Details

  • CWE ID: CWE-770
  • Attack Vector: Network
  • CVSS Score: 6.5 (Medium)
  • Impact: Denial of Service (OOM)
  • Platform: Node.js
  • Exploit Status: PoC Available

Affected Systems

  • OpenClaw Discord Extension
  • OpenClaw Telegram Extension
  • OpenClaw Microsoft Teams Extension
  • OpenClaw BlueBubbles Extension
  • OpenClaw Zalo Extension
  • openclaw: < 2026-02-21 (Fixed in: commit 73d93dee64127a26f1acd09d0403b794cdeb4f5c)

Code Analysis

Commit: 73d93de

fix: use fetchRemoteMedia for proper size limit enforcement

The diff removes the raw 'fetch' and 'arrayBuffer' calls and replaces them with 'runtime.channel.media.fetchRemoteMedia', which applies the size limit while the response body is being read rather than after it has been fully buffered.
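The two patterns side by side, as an added illustration that is not OpenClaw's code: the download is modelled as an iterable of constructed byte chunks (a real implementation reads a fetch() response body, but the control flow is the same), and MAX_BYTES, readBounded and the other names are assumptions for this demo.

```javascript
// Added illustration of "sink-then-check" vs. enforcing a limit during the read.
// Remote bodies are modelled as iterables of Uint8Array chunks (constructed below).
const MAX_BYTES = 1024; // assumed limit for this demo; OpenClaw uses a 'maxBytes' setting

function concat(parts, total) {
  const out = new Uint8Array(total);
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

// Vulnerable pattern: pull the whole body into memory, then compare it to the limit.
// Memory grows with the remote file, and an endless stream never reaches the check.
function sinkThenCheck(chunks, maxBytes = MAX_BYTES) {
  const parts = [...chunks]; // equivalent of await response.arrayBuffer()
  const total = parts.reduce((n, p) => n + p.length, 0);
  if (total > maxBytes) throw new Error(`media exceeds ${maxBytes} bytes`);
  return concat(parts, total);
}

// Hardened pattern: count bytes as chunks arrive and stop at the first overrun.
// Peak memory is bounded by maxBytes plus one chunk.
function readBounded(chunks, maxBytes = MAX_BYTES) {
  const parts = [];
  let total = 0;
  for (const chunk of chunks) {
    total += chunk.length;
    if (total > maxBytes) throw new Error(`media exceeds ${maxBytes} bytes; read aborted`);
    parts.push(chunk);
  }
  return concat(parts, total);
}

// Constructed "remote" bodies: a 500-byte file and an endless stream of 64 KiB chunks.
function* smallFile() { yield new Uint8Array(300).fill(0x41); yield new Uint8Array(200).fill(0x42); }
function* endlessStream(chunkSize = 64 * 1024) { for (;;) yield new Uint8Array(chunkSize); }

// Counts how many chunks a reader pulls from an endless body before rejecting it.
// hardStop caps the sink so the demo itself does not exhaust memory.
function chunksPulledBeforeReject(reader, source, maxBytes = MAX_BYTES, hardStop = 100) {
  let pulled = 0;
  function* counted() { for (const c of source) { if (pulled >= hardStop) return; pulled++; yield c; } }
  try { reader(counted(), maxBytes); } catch (e) { /* rejected, as expected */ }
  return pulled;
}
```

Without the hardStop guard the sink would keep pulling chunks until the process hit its heap limit, which is exactly the OOM crash the advisory describes.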

Mitigation Strategies

  • Update to the patched version of OpenClaw.
  • Configure 'maxBytes' limits for all media handlers.
  • Restrict bot access to trusted users/channels.

Remediation Steps:

  1. Stop the running OpenClaw instance.
  2. Run 'npm update openclaw' to pull the latest package versions.
  3. Verify the installation of the patch commit 73d93dee64127a26f1acd09d0403b794cdeb4f5c.
  4. Restart the service.
  5. Monitor logs for 'fetchRemoteMedia' activity to ensure the new logic is active.

Read the full report for GHSA-RXXP-482V-7MRH on our website for more details including interactive diagrams and full exploit analysis.
