Critical severityNVD Advisory· Published Aug 28, 2023· Updated Oct 2, 2024
CVE-2023-34758
CVE-2023-34758
Description
Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/bishopfox/sliverGo | >= 1.5.0, < 1.5.40 | 1.5.40 |
Affected products
2- Sliver/Sliverdescription
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-8jxm-xp43-qh3qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-34758ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-35170ghsaADVISORY
- github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/crypto.goghsaWEB
- github.com/BishopFox/sliver/blob/master/implant/sliver/cryptography/implant.goghsaWEB
- github.com/BishopFox/sliver/commit/2d1ea6192cac2ff9d6450b2d96043fdbf8561516ghsaWEB
- github.com/BishopFox/sliver/releases/tag/v1.5.40ghsaWEB
- github.com/BishopFox/sliver/security/advisories/GHSA-8jxm-xp43-qh3qghsaWEB
- pkg.go.dev/vuln/GO-2023-1866ghsaWEB
- www.chtsecurity.com/news/04f41dcc-1851-463c-93bc-551323ad8091ghsaWEB
News mentions
0No linked articles in our index yet.