Listen to this Post
The vulnerability exploits how the Sliver C2 server handles message framing in its mTLS and WireGuard transports. The protocol prefixes each protobuf message with a 4-byte little-endian length value. In the functions `socketReadEnvelope` and socketWGReadEnvelope, the server reads this attacker-controlled length and immediately allocates a buffer of that size using make([]byte, dataLength). Although a `ServerMaxMessageSize` limit of ~2 GiB exists, this is excessively high and still allows for massive single allocations. Crucially, the cryptographic signature verification using `ed25519.Verify` occurs only after the buffer has been allocated and the (non-existent) data has been read. This means a connection authenticated with a valid client certificate can trigger the allocation without proving the integrity of the malicious message. The impact is amplified by the yamux multiplexing protocol, which allows up to 128 concurrent streams over a single connection. An attacker can open this many streams simultaneously, each requesting a ~2 GiB allocation, forcing the server to attempt to commit ~256 GiB of memory, which inevitably triggers the Operating System’s Out-Of-Memory (OOM) killer and crashes the entire Sliver server process .
dailycve form:
Platform: Sliver C2
Version: Prior 1.7.0
Vulnerability : mTLS OOM crash
Severity: Critical
date: 09 Feb 2026
Prediction: Patched mid-Feb
What Undercode Say:
Analytics:
The vulnerability was published on February 9, 2026, and affects all versions of Sliver prior to 1.7.0. It has a CVSS v3.1 base score of 7.5 (High), with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a network-exploitable, low-complexity attack that requires no privileges or user interaction and results in high availability impact. The vulnerability is officially registered under CVE-2026-25791 and is documented in the GitHub Security Advisory GHSA-wxrw-gvg8-fqjp .
Bash Commands and Codes:
Conceptual Proof of Concept using 'socat' to send a malicious length prefix.
This assumes a prior valid mTLS connection and yamux negotiation.
The 4-byte little-endian length for 0x7FFFFFFF (2,147,483,647 bytes) is: ff ff ff 7f
echo -e "\xff\xff\xff\x7f" | socat - OPEN-SSL:<sliver_server>:<mtls_port>,verify=0,cert=implant.pem,key=implant.key
Example of the vulnerable code pattern in server/c2/mtls.go
dataLengthBuf holds the 4 bytes read from the network.
dataLength := int(binary.LittleEndian.Uint32(dataLengthBuf))
if dataLength <= 0 || ServerMaxMessageSize < dataLength {
return nil, errors.New("[bash] invalid data length")
}
dataBuf := make([]byte, dataLength) // VULNERABLE ALLOCATION
// ... read data into buffer ...
if !ed25519.Verify(pubKey, dataBuf, signature) { // CHECK AFTER ALLOCATION
return nil, errors.New("[bash] invalid signature")
}
How Exploit:
An attacker with a valid implant certificate establishes an mTLS connection to the server. After negotiating a yamux session, the attacker opens the maximum number of concurrent streams (128). On each stream, the attacker sends the mandatory 74-byte signature (content is irrelevant) followed by a 4-byte length prefix set to 0x7FFFFFFF. The server, for each stream, reads this length and calls make([]byte, 0x7FFFFFFF), attempting to allocate 2 GiB of memory per stream. The cumulative allocation request of roughly 256 GiB exceeds the server’s available memory, causing the OS to terminate the Sliver process.
Protection from this CVE:
The primary mitigation is to update the Sliver server to version 1.7.0 or later, where the issue is fixed . As a defensive measure, operators should limit exposure by restricting network access to the Sliver server’s C2 ports (e.g., mTLS, WireGuard) to only trusted networks or IP ranges. Monitoring for anomalous memory usage spikes or multiple failed large allocation attempts on the server host can also serve as an early warning indicator.
Impact:
Successful exploitation results in a complete denial of service for the C2 infrastructure. The Sliver server process is killed by the operating system’s OOM killer. This terminates all active implant sessions and beacons, cutting off communication with the entire agent fleet. The C2 operator must manually restart the Sliver server process to restore operations. In shared hosting environments, the memory pressure can also degrade or crash other unrelated services running on the same machine.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

