{"id":"CVE-2023-34758","details":"Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows attackers to execute a man-in-the-middle attack via intercepted and crafted responses.","aliases":["CVE-2023-35170","GHSA-8jxm-xp43-qh3q","GO-2023-1866"],"modified":"2026-04-10T05:00:39.914469Z","published":"2023-08-28T12:15:09.007Z","related":["GHSA-8jxm-xp43-qh3q"],"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-8jxm-xp43-qh3q"},{"type":"ADVISORY","url":"https://www.chtsecurity.com/news/04f41dcc-1851-463c-93bc-551323ad8091"},{"type":"ADVISORY","url":"https://github.com/BishopFox/sliver/releases/tag/v1.5.40"},{"type":"PACKAGE","url":"https://github.com/tangent65536/Slivjacker"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bishopfox/sliver","events":[{"introduced":"eb8d1bdf115c534c2ce00bae60c3d669c12627b3"},{"fixed":"c17c37857e54f0fa202c01cbd00a99a85f5f9f49"}],"database_specific":{"versions":[{"introduced":"1.5.0"},{"fixed":"1.5.40"}]}}],"versions":["v1.5.0","v1.5.1","v1.5.10","v1.5.11","v1.5.12","v1.5.13","v1.5.14","v1.5.15","v1.5.16","v1.5.17","v1.5.18","v1.5.19","v1.5.2","v1.5.20","v1.5.21","v1.5.22","v1.5.23","v1.5.24","v1.5.25","v1.5.26","v1.5.27","v1.5.28","v1.5.29","v1.5.3","v1.5.30","v1.5.31","v1.5.32","v1.5.33","v1.5.34","v1.5.35","v1.5.36","v1.5.37","v1.5.38","v1.5.39","v1.5.4","v1.5.5","v1.5.6","v1.5.7","v1.5.8","v1.5.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34758.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}