Vulnerability Description
Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses.
CVSS Score
8.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bishopfox | Sliver | >= 1.5.0, < 1.5.40 |
Related Weaknesses (CWE)
References
- https://github.com/BishopFox/sliver/releases/tag/v1.5.40Release Notes
- https://github.com/advisories/GHSA-8jxm-xp43-qh3qThird Party Advisory
- https://github.com/tangent65536/SlivjackerBroken Link
- https://www.chtsecurity.com/news/04f41dcc-1851-463c-93bc-551323ad8091Third Party Advisory
- https://github.com/BishopFox/sliver/releases/tag/v1.5.40Release Notes
- https://github.com/advisories/GHSA-8jxm-xp43-qh3qThird Party Advisory
- https://github.com/tangent65536/SlivjackerBroken Link
- https://www.chtsecurity.com/news/04f41dcc-1851-463c-93bc-551323ad8091Third Party Advisory
FAQ
What is CVE-2023-34758?
CVE-2023-34758 is a vulnerability with a CVSS score of 8.1 (HIGH). Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses.
How severe is CVE-2023-34758?
CVE-2023-34758 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-34758?
Check the references section above for vendor advisories and patch information. Affected products include: Bishopfox Sliver.