CNNVD-202602-1281 Information

CNNVD ID

CNNVD-202602-1281

CVE-2026-25791

  • CNNVD Published: 2026-02-09

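Description (translated from Chinese)

Sliver is an open-source, cross-platform adversary emulation/red team framework from Bishop Fox. Organizations of all sizes can use it to perform security testing. Versions of Sliver before 1.7.0 contain a resource management error vulnerability: the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and does not clean up sessions, which can lead to memory exhaustion.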

Description (English)

Sliver is an open-source, cross-platform adversary emulation/red team framework from Bishop Fox. Organizations of all sizes can use it to carry out security testing. Versions prior to Sliver 1.7.0 contain a resource management error vulnerability, which originates from the DNS C2 listener accepting unauthenticated TOTP bootstrap messages and which could lead to memory exhaustion.

Vulnerability Type

Resource management error

Affected Vendor

Bishop Fox

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/BishopFox/sliver/releases/tag/v1.7.0

https://github.com/BishopFox/sliver/security/advisories/GHSA-wxrw-gvg8-fqjp

Patch

https://github.com/BishopFox/sliver/releases
