5.3

Sliver C2 Server Crashes if Sent Malformed Messages

GHSA-hx52-cv84-jr5v CVE-2026-29781
Summary

A nil-pointer dereference in Sliver C2 server versions up to and including 1.7.3 can crash the server when it receives a specially crafted message. Exploitation requires valid implant credentials, which means the attacker must already have access to a device managed by the Sliver system (a captured implant). No patch was publicly available at the time of publication; upgrade as soon as a fixed release is published.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github.com | bishopfox | <= 1.7.3 | |
| bishopfox | github.com/bishopfox/sliver | <= 1.7.3 | |
| bishopfox | sliver | <= 1.7.3 | |
Original title
Sliver is a command and control framework that uses a custom WireGuard netstack. In versions 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due ...
Original description
Sliver is a command and control framework that uses a custom WireGuard netstack. In versions 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic. Because the mTLS, WireGuard, and DNS transport layers lack the panic recovery middleware present in the HTTP transport, this results in a global process termination. While requiring post-authentication access (a captured implant), this flaw effectively acts as an infrastructure "kill-switch," instantly severing all active sessions across the entire fleet and requiring a manual server restart to restore operations. At time of publication, there are no publicly available patches.
GHSA CVSS 4.0: 2.1
Vulnerability type
CWE-476 NULL Pointer Dereference
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026
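
The failure mode in the original description (a nested Protobuf field left nil, then dereferenced on a transport with no panic recovery) and the two defenses against it, as an added Go example. This is not Sliver's code: `Envelope`, `Register`, `unsafeHandle`, `safeHandle` and `withRecover` are hypothetical names, and plain structs stand in for generated Protobuf types.

```go
package main

import (
	"errors"
	"fmt"
)

// Envelope and Register are hypothetical stand-ins for generated Protobuf
// structs: a nested message omitted on the wire decodes to a nil pointer.
type Register struct{ Hostname string }
type Envelope struct {
	ID       int64
	Register *Register
}

var ErrMissingField = errors.New("envelope: required nested field missing")

// unsafeHandle dereferences the nested message directly and panics when it is nil.
func unsafeHandle(e *Envelope) string { return e.Register.Hostname }

// safeHandle validates nested pointers before use and rejects the message.
func safeHandle(e *Envelope) (string, error) {
	if e == nil || e.Register == nil {
		return "", ErrMissingField
	}
	return e.Register.Hostname, nil
}

// withRecover converts a panic in one message handler into an error, so a
// single bad message fails that request instead of terminating the process.
func withRecover(h func(*Envelope) string) func(*Envelope) (string, error) {
	return func(e *Envelope) (out string, err error) {
		defer func() {
			if r := recover(); r != nil {
				err = fmt.Errorf("handler panic recovered: %v", r)
			}
		}()
		return h(e), nil
	}
}

func main() {
	malformed := &Envelope{ID: 1} // constructed sample: Register omitted
	_, err := safeHandle(malformed)
	fmt.Println("validated:", err)
	_, err = withRecover(unsafeHandle)(malformed)
	fmt.Println("recovered:", err)
}
```

Validation at the handler is the primary fix; the recover wrapper is the backstop for handlers that were missed, and it has to run in every goroutine that processes untrusted messages because a panic in any one goroutine ends the whole Go process.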