Affected by GO-2024-2993 and 5 other vulnerabilities

GO-2024-2993: Sliver Allows Authenticated Operator-to-Server Remote Code Execution in github.com/bishopfox/sliver

GO-2026-4280: Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass in github.com/bishopfox/sliver

GO-2026-4466: Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service in github.com/bishopfox/sliver

GO-2026-4609: Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers in github.com/bishopfox/sliver

GO-2026-4723: Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports in github.com/bishopfox/sliver

GO-2026-4899: Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted in github.com/bishopfox/sliver

handlers

package

v1.7.4 Latest Latest Go to latest Published: Mar 30, 2026 License: GPL-3.0 Imports: 22 Imported by: 4

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/bishopfox/sliver

Links

Open Source Insights

README ¶

server/handlers

Overview

RPC and event handlers that respond to client and implant requests. Routes gRPC calls to business logic modules. Key routines cover beacons, data cache, pivot, and sessions within the handlers subsystem.

Go Files

beacons.go – Handles beacon-related RPC calls and state updates.
data_cache.go – Caches handler data for reuse across requests.
handlers.go – Registers handler functions and shared middleware.
pivot.go – Processes pivot management RPCs.
sessions.go – Handles session CRUD operations and telemetry routing.
tunnel_writer.go – Sends tunnel responses back to clients.

Documentation ¶

Index ¶

func GetHandlers() map[uint32]ServerHandler
func GetNonPivotHandlers() map[uint32]ServerHandler
func MustMarshal(msg proto.Message) []byte
func RTunnelDataHandler(tunnelData *sliverpb.TunnelData, tunnel *rtunnels.RTunnel, ...)
type ServerHandler

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetHandlers ¶ added in v1.5.0

func GetHandlers() map[uint32]ServerHandler

GetHandlers - Returns a map of server-side msg handlers

func GetNonPivotHandlers ¶ added in v1.5.0

func GetNonPivotHandlers() map[uint32]ServerHandler

GetNonPivotHandlers - Server handlers for pivot connections, its important to avoid a pivot handler from calling a pivot handler and causing a recursive call stack

func MustMarshal ¶ added in v1.5.0

func MustMarshal(msg proto.Message) []byte

MustMarshal - Marshals or returns an empty byte array

func RTunnelDataHandler ¶ added in v1.5.27

func RTunnelDataHandler(tunnelData *sliverpb.TunnelData, tunnel *rtunnels.RTunnel, connection *core.ImplantConnection)

Types ¶

type ServerHandler ¶ added in v1.5.0

type ServerHandler func(*core.ImplantConnection, []byte) *sliverpb.Envelope

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL