GHSA-W2CG-VXX6-5XJG: Death by Allocation: Crashing OpenClaw with Base64

#security #cve #cybersecurity #ghsa

Death by Allocation: Crashing OpenClaw with Base64

Vulnerability ID: GHSA-W2CG-VXX6-5XJG
CVSS Score: 7.5
Published: 2026-02-18

A classic case of 'allocation before validation' in the OpenClaw chat platform allows attackers to crash the server via memory exhaustion. By sending massive Base64-encoded strings, an attacker can trick the application into allocating gigabytes of memory to decode or sanitize the input before checking if the file size is actually within limits. This results in a Node.js OutOfMemoryError and a hard crash of the service.

TL;DR

OpenClaw (and the clawdbot package) < 2026.2.14 creates full memory buffers for Base64 inputs before checking their size. An attacker can send a large payload to trigger an OOM crash (DoS).

⚠️ Exploit Status: POC

Technical Details

CWE: CWE-770 (Allocation of Resources Without Limits)
Attack Vector: Network (API)
CVSS: 7.5 (High)
Impact: Denial of Service (DoS)
Language: TypeScript / Node.js
Vulnerable Function: Buffer.from() / String.replace()

Affected Systems

OpenClaw Gateway
OpenClaw Media Server
clawdbot (npm package)
openclaw/openclaw: < 2026.2.14 (Fixed in: 2026.2.14)
clawdbot: < 2026.2.14 (Fixed in: 2026.2.14)

Code Analysis

Commit: 3179123

Fix DoS vulnerability in base64 processing

- const sizeBytes = Buffer.from(b64, "base64").byteLength;
+ const sizeBytes = estimateBase64DecodedBytes(b64);

Exploit Details

Hypothetical: Simple curl command sending >500MB JSON payload.

Mitigation Strategies

Update OpenClaw/clawdbot to v2026.2.14
Implement strict body size limits at the Reverse Proxy level (Nginx/Apache)
Use WAF rules to detect excessive payload sizes

Remediation Steps:

Check your package.json for openclaw or clawdbot versions < 2026.2.14.
Run npm update clawdbot or pull the latest docker image for OpenClaw.
Verify the fix by attempting to upload a large file and observing server logs for immediate rejection rather than a crash.