CVE-2025-34457 in Dire Wolf
Summary
by MITRE • 12/23/2025
wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the function appends a terminating FEND byte without reserving sufficient space in the stack buffer. This results in an out-of-bounds write followed by an out-of-bounds read during the subsequent call to kiss_unwrap(), leading to stack memory corruption or application crashes. This vulnerability may allow remote unauthenticated attackers to trigger a denial-of-service condition.
Analysis
by VulDB Data Team • 12/25/2025
CVE-2025-34457 affects wb2osz/direwolf 1.8 and earlier, in the kiss_rec_byte() function in src/kiss_frame.c. It is a stack-based buffer overflow (CWE-121) in the receive path for KISS frames, the framing Dire Wolf uses on its serial and TCP interfaces to exchange packets with host software. The flaw is reached when an incoming frame has already reached the maximum allowed frame length, MAX_KISS_LEN.
The bug is an off-by-one in buffer accounting. kiss_rec_byte() collects incoming bytes into a fixed-size stack buffer and, when the closing FEND (0xC0) arrives, appends a terminating FEND before handing the frame to kiss_unwrap(). The capacity check applied to the collected data bytes does not reserve a slot for that terminator, so once a frame has filled the buffer to MAX_KISS_LEN the FEND is written one byte past the end of the buffer. kiss_unwrap() is then called with the enlarged length and reads past the buffer as well, so the single out-of-bounds write is followed by an out-of-bounds read of whatever lies next on the stack.
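The accounting error described above, as an added illustration that is not Dire Wolf's source code: a constructed C model of a KISS byte receiver, with the vulnerable pattern (rec_byte_vuln) next to a hardened variant (rec_byte_fixed) that keeps one slot free for the terminator and rejects over-long frames whole. Every name here (kiss_rx_t, put_byte, get_byte, feed, run_frame), the assumed MAX_KISS_LEN of 16 and the sample frames are assumptions chosen for illustration. Out-of-bounds accesses are counted instead of performed so the model has defined behaviour and can be asserted on; in the real program the stray FEND write lands on the stack, and a build with AddressSanitizer would abort at that write.

```c
/* Constructed model of the CVE-2025-34457 pattern; not Dire Wolf's code. A KISS receiver
 * collects one frame into a fixed-size buffer and appends a terminating FEND before
 * unwrapping. Out-of-bounds accesses are counted, not performed, so the model stays
 * defined behaviour; in the real program the stray write lands on the stack.
 * MAX_KISS_LEN and every name below are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { FEND = 0xC0, FESC = 0xDB, TFEND = 0xDC, TFESC = 0xDD };
enum { MAX_KISS_LEN = 16 };        /* small assumed limit so the edge case is easy to hit */

typedef struct {
    uint8_t buf[MAX_KISS_LEN];     /* the fixed "stack buffer" under test */
    size_t  len;
    int     collecting, overflowed;
    int     oob_writes, oob_reads; /* accesses at index >= MAX_KISS_LEN */
    int     frames, rejected;
    uint8_t out[2 * MAX_KISS_LEN]; /* oversized scratch so a phantom byte fits */
    size_t  out_len;
} kiss_rx_t;

static void put_byte(kiss_rx_t *k, size_t i, uint8_t b) {
    if (i < MAX_KISS_LEN) k->buf[i] = b; else k->oob_writes++;
}

static uint8_t get_byte(kiss_rx_t *k, size_t i) {
    if (i < MAX_KISS_LEN) return k->buf[i];
    k->oob_reads++;                /* real code would read stale stack here */
    return 0;
}

/* Drop framing FENDs and undo FESC transpositions (command byte treated as data). */
static void kiss_unwrap_model(kiss_rx_t *k, size_t in_len) {
    k->out_len = 0;
    for (size_t i = 0; i < in_len; i++) {
        uint8_t c = get_byte(k, i);
        if (c == FEND) continue;
        if (c == FESC && i + 1 < in_len) {
            uint8_t n = get_byte(k, ++i);
            c = (n == TFEND) ? FEND : (n == TFESC) ? FESC : n;
        }
        k->out[k->out_len++] = c;
    }
}

static void finish_frame(kiss_rx_t *k) {
    kiss_unwrap_model(k, k->len);
    k->frames++; k->len = 0; k->collecting = 0; k->overflowed = 0;
}

/* Vulnerable pattern: data bytes are bounds-checked, the closing FEND is not. */
void rec_byte_vuln(kiss_rx_t *k, uint8_t ch) {
    if (!k->collecting) { if (ch == FEND) k->collecting = 1; return; }
    if (ch == FEND) {
        put_byte(k, k->len++, FEND);   /* len may already equal MAX_KISS_LEN */
        finish_frame(k);
    } else if (k->len < MAX_KISS_LEN) {
        put_byte(k, k->len++, ch);     /* excess bytes silently dropped */
    }
}

/* Hardened: keep one slot free for the terminator and drop over-long frames whole. */
void rec_byte_fixed(kiss_rx_t *k, uint8_t ch) {
    if (!k->collecting) { if (ch == FEND) k->collecting = 1; return; }
    if (ch == FEND) {
        if (k->overflowed) { k->rejected++; k->len = 0; k->collecting = 0; k->overflowed = 0; return; }
        put_byte(k, k->len++, FEND);   /* len <= MAX_KISS_LEN - 1 here, so in bounds */
        finish_frame(k);
    } else if (k->len < MAX_KISS_LEN - 1) {
        put_byte(k, k->len++, ch);
    } else {
        k->overflowed = 1;             /* remember, then reject at the closing FEND */
    }
}

/* Feed a constructed byte stream to a receiver and return its final state. */
kiss_rx_t feed(void (*rec)(kiss_rx_t *, uint8_t), const uint8_t *in, size_t n) {
    kiss_rx_t k;
    memset(&k, 0, sizeof k);
    for (size_t i = 0; i < n; i++) rec(&k, in[i]);
    return k;
}

/* A frame carrying n (<= MAX_KISS_LEN) payload bytes 0x20, 0x21, ... between two FENDs. */
kiss_rx_t run_frame(void (*rec)(kiss_rx_t *, uint8_t), size_t n) {
    uint8_t f[MAX_KISS_LEN + 2];
    if (n > MAX_KISS_LEN) n = MAX_KISS_LEN;
    f[0] = FEND;
    for (size_t i = 0; i < n; i++) f[1 + i] = (uint8_t)(0x20 + i);
    f[n + 1] = FEND;
    return feed(rec, f, n + 2);
}

/* Constructed escaped frame: unwraps to C0 DB 41. */
const uint8_t kiss_escaped_frame[] = { FEND, FESC, TFEND, FESC, TFESC, 0x41, FEND };
```

Feeding a frame of exactly MAX_KISS_LEN payload bytes to rec_byte_vuln produces one write at index MAX_KISS_LEN (the FEND) and then one read at the same index inside the unwrap, which surfaces as a phantom extra byte in the unwrapped output; rec_byte_fixed rejects the same frame and touches nothing outside the buffer. The hardened variant shown here trades one byte of payload capacity for the terminator slot; enlarging the buffer by one instead is the equivalent fix when the full MAX_KISS_LEN payload must be preserved.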
In practice the out-of-bounds write is a single fixed byte (the FEND value) at a fixed offset just past the buffer, so the attacker does not control what is written, and the vendor description characterises the impact as denial of service: stack corruption or a crash of the direwolf process, which takes down the packet interface it provides. Whether anything beyond a crash is achievable depends on the stack layout of the particular build and platform; nothing in the advisory demonstrates code execution. The condition is reachable by anyone who can deliver KISS frames to the process, and the advisory classifies the attacker as remote and unauthenticated, so a direwolf instance exposed as a packet-radio gateway or TNC interface is at risk from any peer that can reach its KISS input.
The fix is commit 694c954 in wb2osz/direwolf, which reserves space for the terminating FEND during KISS frame collection; affected versions are 1.8 and earlier without that commit, so upgrade to a build that includes it. Until then, restrict which hosts can reach the KISS interface the instance exposes (a trusted network segment or firewall rule), because the flaw is triggered by frame length alone and a triggering frame cannot be told apart from legitimate traffic by its content. Repeated crashes or restarts of direwolf are the practical signal of attempts, and operators should make sure a crash of the process is noticed rather than silently restarted. The weakness is CWE-121 (stack-based buffer overflow).