x/vulndb: potential Go vuln in github.com/bishopfox/sliver: GHSA-q8j9-34qf-7vq7 #4079
Description
Advisory GHSA-q8j9-34qf-7vq7 references a vulnerability in the following Go modules:
| Module |
|---|
| github.com/bishopfox/sliver |
Description:
Summary
Sliver's custom Wireguard netstack doesn't limit traffic between Wireguard clients, this could lead to:
- Leaked/recovered keypair (from a beacon) being used to attack operators.
- Port forwardings usable from other implants.
Details
-
Sliver treat operators' Wireguard config and beacon/session's Wireguard config equally, they both connect to the wireguard listener created from the CLI.
-
The current netstack implementation does not filter traffic between clients.
I think this piece of code handle traffic between clients, from experimental results clients can ping and c...
References:
- ADVISORY: GHSA-q8j9-34qf-7vq7
- ADVISORY: GHSA-q8j9-34qf-7vq7
- FIX: BishopFox/sliver@8e5c5f1
Cross references:
- github.com/bishopfox/sliver appears in 3 other report(s):
- data/reports/GO-2023-1866.yaml (x/vulndb: potential Go vuln in github.com/bishopfox/sliver: GHSA-8jxm-xp43-qh3q #1866)
- data/reports/GO-2024-2993.yaml (x/vulndb: potential Go vuln in github.com/bishopfox/sliver: GHSA-hc5w-gxxr-w8x8 #2993)
- data/reports/GO-2025-3472.yaml (x/vulndb: potential Go vuln in github.com/bishopfox/sliver: GHSA-fh4v-v779-4g2w #3472)
See doc/quickstart.md for instructions on how to triage this report.
id: GO-ID-PENDING
modules:
- module: github.com/bishopfox/sliver
vulnerable_at: 1.5.43
summary: Silver has unrestricted traffic between Wireguard clients in github.com/bishopfox/sliver
cves:
- CVE-2025-27093
ghsas:
- GHSA-q8j9-34qf-7vq7
references:
- advisory: https://github.com/BishopFox/sliver/security/advisories/GHSA-q8j9-34qf-7vq7
- advisory: https://github.com/advisories/GHSA-q8j9-34qf-7vq7
- fix: https://github.com/BishopFox/sliver/commit/8e5c5f14506d6d60ebb3362e6b9857ab1e0d76ff
source:
id: GHSA-q8j9-34qf-7vq7
created: 2025-10-28T18:01:12.899194771Z
review_status: UNREVIEWED