Vulnerabilities

CVE-2025-34457 - wb2osz/direwolf <= 1.8 stack-based buffer overflow dos

2025-12-23 0 views admin

CVE ID : CVE-2025-34457 Published : Dec. 22, 2025, 10:16 p.m. | 1 hour, 46 minutes ago Description : wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the function appends a terminating FEND byte without reserving sufficient space in the stack buffer. This results in an out-of-bounds write followed by an out-of-bounds read during the subsequent call to kiss_unwrap(), leading to stack memory corruption or application crashes. This vulnerability may allow remote unauthenticated attackers to trigger a denial-of-service condition. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-34457

Severity

HIGH

Published

Dec. 22, 2025

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-34457high

CVE-2025-34457 - wb2osz/direwolf <= 1.8 stack-based buffer overflow dos

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-34458 - wb2osz/direwolf <= 1.8 reachable assertion dos

CVE-2025-67436 - PluXml CMS Remote Code Execution Vulnerability

CVE-2025-65857 - Xiongmai XM530 IP Camera Unauthenticated Video Stream Exposure

CVE-2025-65856 - Xiongmai XM530 IP Camera Authentication Bypass

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting