Remote OOM Vulnerability in Sliver Command and Control Framework by BishopFox
CVE-2026-32941

5.7 MEDIUM

Key Information:

Vendor

Bishopfox

Status
Vendor
CVE Published:
20 March 2026

What is CVE-2026-32941?

The Sliver command and control framework, versions 1.7.3 and earlier, is susceptible to a remote out-of-memory (OOM) vulnerability in its mTLS and WireGuard transport layers. The vulnerability stems from improper handling of an attacker-controlled four-byte length prefix, which leads to memory allocation issues when certain functions are invoked. An attacker who holds valid credentials or controls a compromised implant can send fabricated length prefixes across concurrent yamux streams, leading the server to attempt to allocate excessive memory, potentially up to 256 GiB. The resulting overload crashes the Sliver server, affecting all active implant sessions, and may also disrupt other processes on the same host. The implant-side reading mechanisms also lack any upper limit checks, further compounding the risk.
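The missing control described above is an upper bound on the length prefix before any allocation. The following Go sketch is an added example, not Sliver's code or its patch: `readFrame`, `maxFrameSize`, `ErrFrameTooLarge` and the little-endian byte order are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// maxFrameSize is an assumed cap for this example, not a value taken from Sliver.
const maxFrameSize = 2 * 1024 * 1024

var ErrFrameTooLarge = errors.New("frame length exceeds limit")

// readFrame reads a 4-byte length prefix followed by that many payload bytes.
// The unbounded pattern is make([]byte, n) on an unchecked n; here the prefix
// is validated first, so a forged value never reaches the allocator.
func readFrame(r io.Reader) ([]byte, error) {
	var hdr [4]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	n := binary.LittleEndian.Uint32(hdr[:]) // byte order is an assumption
	if n > maxFrameSize {
		return nil, fmt.Errorf("%w: %d bytes", ErrFrameTooLarge, n)
	}
	// Grow the buffer as bytes arrive, so a peer that declares a permitted
	// length but sends nothing does not pin memory on every stream.
	var buf bytes.Buffer
	if _, err := io.CopyN(&buf, r, int64(n)); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

func main() {
	// Constructed inputs: one well-formed frame, one with a forged prefix.
	good := append([]byte{5, 0, 0, 0}, "hello"...)
	forged := []byte{0xff, 0xff, 0xff, 0xff}
	for _, in := range [][]byte{good, forged} {
		data, err := readFrame(bytes.NewReader(in))
		fmt.Printf("data=%q err=%v\n", data, err)
	}
}
```

Because the page describes many concurrent streams, a per-frame cap alone limits each read but not the total; the same reasoning applies to bounding the number of in-flight frames per connection.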


Affected Version(s)

sliver <= 1.7.3

References

CVSS V4

Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
