Affected by GO-2024-2993
and 6 other vulnerabilities
GO-2024-2993: Sliver Allows Authenticated Operator-to-Server Remote Code Execution in github.com/bishopfox/sliver
GO-2026-4280: Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass in github.com/bishopfox/sliver
GO-2026-4466: Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service in github.com/bishopfox/sliver
GO-2026-4548: Sliver has Potential Zip Bomb Denial of Service in GzipEncoder in github.com/bishopfox/sliver
GO-2026-4609: Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers in github.com/bishopfox/sliver
GO-2026-4723: Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports in github.com/bishopfox/sliver
GO-2026-4899: Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted in github.com/bishopfox/sliver
XorDynamic encodes an amd64 payload using the Metasploit x64/xor_dynamic scheme.
If key includes a trailing key terminator + payload terminator (3 bytes) that satisfy the
encoder constraints, those are used verbatim.
Note: For large/high-entropy payloads, a 2-byte payload terminator may not exist. In
that case, this implementation falls back to a 4-byte payload terminator.
Affected by 
Documentation
¶
Source Files