GHSA-hm63-vwj4-mj2q: Duplicate Advisory: OpenClaw: Remote media error responses could trigger unbounded memory allocation before failure
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-4qwc-c7g9-4xcw. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that allows attackers to trigger excessive memory consumption. Attackers can send crafted HTTP error responses with large bodies to remote media endpoints, causing the application to allocate unbounded memory before failure handling occurs.
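One way to bound the error-path read described above, as an added example that is not OpenClaw's code or its fix. The function names, the 8 KiB cap and the sample body are assumptions constructed for illustration.

```javascript
// Added example: names and the 8 KiB cap are assumptions, not OpenClaw code.
const MAX_ERROR_BODY_BYTES = 8 * 1024;

// Read at most maxBytes from an async-iterable body (a Node http response or
// a fetch() response.body), then stop pulling from the source.
async function readCapped(body, maxBytes = MAX_ERROR_BODY_BYTES) {
  const chunks = [];
  let kept = 0;
  let truncated = false;
  for await (const chunk of body) {
    const buf = Buffer.from(chunk);
    const room = maxBytes - kept;
    if (buf.length > room) {
      if (room > 0) chunks.push(buf.subarray(0, room));
      kept = maxBytes;
      truncated = true;
      break; // leaving the loop calls return() on the iterator, releasing the stream
    }
    chunks.push(buf);
    kept += buf.length;
  }
  return { text: Buffer.concat(chunks, kept).toString("utf8"), truncated };
}

// Build the failure from a bounded snippet instead of the whole error body.
async function mediaFetchError(status, body, maxBytes) {
  const { text, truncated } = await readCapped(body, maxBytes);
  const snippet = truncated ? text + "... [truncated]" : text;
  return new Error(`remote media fetch failed: HTTP ${status}: ${snippet}`);
}

// Constructed sample: an error body of 1000 x 64 KiB chunks (about 64 MB).
async function* oversizedBody(stats) {
  for (let i = 0; i < 1000; i++) {
    stats.chunksPulled++;
    yield Buffer.alloc(64 * 1024, 0x41);
  }
}

async function demo() {
  const stats = { chunksPulled: 0 };
  const err = await mediaFetchError(502, oversizedBody(stats));
  return { chunksPulled: stats.chunksPulled, messageLength: err.message.length };
}

demo().then((r) => console.log(r));
```

Only the first chunk is pulled from the oversized body, so memory use on the failure path is bounded by the cap rather than by what the remote server chooses to send.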
References
- github.com/advisories/GHSA-hm63-vwj4-mj2q
- github.com/openclaw/openclaw/commit/630f1479c44f78484dfa21bb407cbe6f171dac87
- github.com/openclaw/openclaw/commit/81445a901091a5d27ef0b56fceedbe4724566438
- github.com/openclaw/openclaw/security/advisories/GHSA-4qwc-c7g9-4xcw
- nvd.nist.gov/vuln/detail/CVE-2026-35633
- www.vulncheck.com/advisories/openclaw-unbounded-memory-allocation-via-remote-media-error-responses