CVE-2025-34457
Unknown Unknown - Not Provided
Stack-Based Buffer Overflow in Dire Wolf kiss_rec_byte() Causes DoS

Publication date: 2025-12-22

Last updated on: 2025-12-22

Assigner: VulnCheck

Description
wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the function appends a terminating FEND byte without reserving sufficient space in the stack buffer. This results in an out-of-bounds write followed by an out-of-bounds read during the subsequent call to kiss_unwrap(), leading to stack memory corruption or application crashes. This vulnerability may allow remote unauthenticated attackers to trigger a denial-of-service condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-22
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-14
NVD
CVE-2025-34457
EUVD
EUVD-2025-204760
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wb2osz direwolf 1.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-34457 is a stack-based buffer overflow vulnerability in the Dire Wolf software, specifically in the function kiss_rec_byte() which processes KISS frames used in amateur radio communications. When a specially crafted KISS frame reaches the maximum allowed length, the function appends a terminating FEND byte without reserving enough space in the stack buffer. This causes an out-of-bounds write and subsequent out-of-bounds read, leading to stack memory corruption or application crashes. The flaw arises from improper bounds checking during frame assembly. [1, 2]

Impact Analysis

This vulnerability can be exploited remotely by unauthenticated attackers to cause a denial-of-service (DoS) condition by triggering stack memory corruption or crashing the Dire Wolf application. This disrupts the normal operation of the software, potentially affecting systems relying on it for amateur radio packet communications. [2]

Detection Guidance

Detection of this vulnerability involves monitoring for crashes or denial-of-service conditions caused by processing specially crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN). Since the issue is a stack-based buffer overflow in the kiss_rec_byte() function when handling KISS frames, one approach is to capture and analyze KISS frame traffic for frames at or near the maximum length. Additionally, enabling compiler sanitizers such as Address Sanitizer during development or testing can help detect memory errors related to this vulnerability. Specific commands are not provided in the resources, but using packet capture tools (e.g., tcpdump or Wireshark) to monitor KISS frames and running Dire Wolf with sanitizers enabled may aid detection. [1]

Mitigation Strategies

The immediate mitigation step is to update Dire Wolf to a version that includes the fix from commit 694c954, which properly limits the number of bytes collected in the kiss_rec_byte() function to prevent buffer overflow. If updating is not immediately possible, restricting or filtering incoming KISS frames to prevent frames at or near the maximum allowed length may reduce risk. Additionally, monitoring for application crashes and applying any available patches promptly is recommended. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34457. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart