CVE-2025-34457
Stack-Based Buffer Overflow in Dire Wolf kiss_rec_byte() Causes DoS
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wb2osz | direwolf | 1.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34457 is a stack-based buffer overflow vulnerability in the Dire Wolf software, specifically in the function kiss_rec_byte() which processes KISS frames used in amateur radio communications. When a specially crafted KISS frame reaches the maximum allowed length, the function appends a terminating FEND byte without reserving enough space in the stack buffer. This causes an out-of-bounds write and subsequent out-of-bounds read, leading to stack memory corruption or application crashes. The flaw arises from improper bounds checking during frame assembly. [1, 2]
How can this vulnerability impact me?
This vulnerability can be exploited remotely by unauthenticated attackers to cause a denial-of-service (DoS) condition by triggering stack memory corruption or crashing the Dire Wolf application. This disrupts the normal operation of the software, potentially affecting systems relying on it for amateur radio packet communications. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection relies on monitoring for crashes or denial-of-service conditions triggered by specially crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN). Because the flaw is a stack-based buffer overflow in kiss_rec_byte() during KISS frame handling, one approach is to capture KISS traffic and look for frames at or near the maximum length. Enabling compiler sanitizers such as AddressSanitizer during development or testing can also help detect the memory errors involved. The resources do not provide specific commands, but packet capture tools (e.g., tcpdump or Wireshark) for monitoring KISS frames and running Dire Wolf with sanitizers enabled may aid detection. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update Dire Wolf to a version that includes the fix from commit 694c954, which properly limits the number of bytes collected in the kiss_rec_byte() function to prevent the buffer overflow. If updating is not immediately possible, restricting or filtering incoming KISS frames to block frames at or near the maximum allowed length may reduce risk. Monitoring for application crashes and applying any available patches promptly are also recommended. [1, 2]
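The bounds check the description and mitigation refer to, shown as an added example that is neither Dire Wolf's source nor the patch in commit 694c954: a KISS byte receiver that caps collected bytes so the closing FEND always has a reserved slot. The names `demo_rx`, `demo_rx_byte`, `demo_try_payload` and the small limit `DEMO_MAX_LEN` are hypothetical; only the FEND value (0xC0) comes from the KISS protocol.

```c
#include <stddef.h>
#include <stdint.h>

#define FEND 0xC0u        /* KISS frame delimiter byte */
#define DEMO_MAX_LEN 16   /* constructed limit for the demo, not Dire Wolf's MAX_KISS_LEN */

struct demo_rx {          /* hypothetical receiver state, not Dire Wolf's struct */
    int collecting;       /* 0 = waiting for the opening FEND */
    int truncated;        /* payload bytes were discarded for this frame */
    size_t len;           /* bytes currently stored in buf */
    uint8_t buf[DEMO_MAX_LEN];
};

/* Feed one byte. Returns the frame length (both FENDs included) when a frame
 * completes, -1 when an oversize frame is dropped, 0 otherwise. */
int demo_rx_byte(struct demo_rx *rx, uint8_t ch)
{
    if (!rx->collecting) {
        if (ch == FEND)   /* start a frame: store the opening FEND, clear flags */
            *rx = (struct demo_rx){ .collecting = 1, .len = 1, .buf = { FEND } };
        return 0;
    }
    if (ch == FEND) {
        if (rx->len == 1)
            return 0;                 /* repeated FEND: still at frame start */
        rx->buf[rx->len++] = FEND;    /* in bounds: len <= DEMO_MAX_LEN - 1 here */
        rx->collecting = 0;
        return rx->truncated ? -1 : (int)rx->len;
    }
    if (rx->len < DEMO_MAX_LEN - 1)
        rx->buf[rx->len++] = ch;      /* keep the last slot for the closing FEND */
    else
        rx->truncated = 1;            /* cap reached: discard instead of writing */
    return 0;
}

/* Build FEND + payload_len bytes + FEND (constructed input) and feed it.
 * Returns demo_rx_byte()'s final result, or -2 if len ever exceeded the buffer. */
int demo_try_payload(size_t payload_len)
{
    struct demo_rx rx = {0};
    demo_rx_byte(&rx, FEND);
    for (size_t i = 0; i < payload_len; i++)
        demo_rx_byte(&rx, 0x41);
    int r = demo_rx_byte(&rx, FEND);
    return rx.len <= DEMO_MAX_LEN ? r : -2;
}
```

Checking `len < DEMO_MAX_LEN` instead of `len < DEMO_MAX_LEN - 1` would let a maximum-length frame fill the buffer and push the closing FEND one byte past its end, which is the condition the CVE description names.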