GHSA-hjr9-wj7v-7hv8: Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass
A specially crafted nonce routes unauthenticated requests through the NoEncoder path, where startSessionHandler() reads the entire request body without limits, allowing attacker-driven memory exhaustion and process crash.
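The unbounded pre-authentication read described above, beside a capped version, as an added Go example that is not Sliver's own code. The handler names, the 8 KiB cap and the in-process request are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxPreAuthBody = 8 << 10 // assumed 8 KiB pre-auth cap, not from the advisory

// unboundedHandler (hypothetical): whole body buffered before any auth check.
func unboundedHandler(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	reply(w, len(body), err)
}

// boundedHandler (hypothetical) caps the read before touching the body.
func boundedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxPreAuthBody)
	body, err := io.ReadAll(r.Body)
	reply(w, len(body), err)
}

// reply maps an over-limit read to 413 and any other read error to 400.
func reply(w http.ResponseWriter, n int, err error) {
	var tooBig *http.MaxBytesError
	switch {
	case errors.As(err, &tooBig):
		http.Error(w, "body too large", http.StatusRequestEntityTooLarge)
	case err != nil:
		http.Error(w, "read error", http.StatusBadRequest)
	default:
		fmt.Fprintf(w, "%d bytes accepted", n)
	}
}

// statusFor posts n constructed bytes to h in-process and returns the status.
func statusFor(h http.HandlerFunc, n int) int {
	body := strings.NewReader(strings.Repeat("A", n))
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodPost, "/", body))
	return rec.Code
}

func main() { fmt.Println(statusFor(unboundedHandler, 64<<10), statusFor(boundedHandler, 64<<10)) }
```

The cap has to wrap the body before any decoding or authentication step runs, because the path in this advisory is reachable without credentials.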