Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-34457

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-22 Dec, 2025 | 21:30
Updated At-23 Dec, 2025 | 15:03
Rejected At-
Credits

wb2osz/direwolf <= 1.8.1 Stack-based Buffer Overflow DoS

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the function appends a terminating FEND byte without reserving sufficient space in the stack buffer. This results in an out-of-bounds write followed by an out-of-bounds read during the subsequent call to kiss_unwrap(), leading to stack memory corruption or application crashes. This vulnerability may allow remote unauthenticated attackers to trigger a denial-of-service condition.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:22 Dec, 2025 | 21:30
Updated At:23 Dec, 2025 | 15:03
Rejected At:
â–¼CVE Numbering Authority (CNA)
wb2osz/direwolf <= 1.8.1 Stack-based Buffer Overflow DoS

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the function appends a terminating FEND byte without reserving sufficient space in the stack buffer. This results in an out-of-bounds write followed by an out-of-bounds read during the subsequent call to kiss_unwrap(), leading to stack memory corruption or application crashes. This vulnerability may allow remote unauthenticated attackers to trigger a denial-of-service condition.

Affected Products
Vendor
wb2osz
Product
Dire Wolf
Package Name
direwolf
Repo
https://github.com/wb2osz/direwolf
Default Status
unaffected
Versions
Affected
  • From 0 through 1.8.1 (semver)
Unaffected
  • commit 694c954 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Vlatko Kosturjak with Marlink Cyber
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-010-direwolf-stack-buffer-overflow-kiss-frame.md
technical-description
exploit
https://github.com/wb2osz/direwolf/issues/617
issue-tracking
https://github.com/wb2osz/direwolf/commit/694c954
patch
https://www.vulncheck.com/advisories/wb2osz-direwolf-stack-based-buffer-overflow-dos
third-party-advisory
Hyperlink: https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-010-direwolf-stack-buffer-overflow-kiss-frame.md
Resource:
technical-description
exploit
Hyperlink: https://github.com/wb2osz/direwolf/issues/617
Resource:
issue-tracking
Hyperlink: https://github.com/wb2osz/direwolf/commit/694c954
Resource:
patch
Hyperlink: https://www.vulncheck.com/advisories/wb2osz-direwolf-stack-based-buffer-overflow-dos
Resource:
third-party-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:22 Dec, 2025 | 22:16
Updated At:23 Dec, 2025 | 14:51

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the function appends a terminating FEND byte without reserving sufficient space in the stack buffer. This results in an out-of-bounds write followed by an out-of-bounds read during the subsequent call to kiss_unwrap(), leading to stack memory corruption or application crashes. This vulnerability may allow remote unauthenticated attackers to trigger a denial-of-service condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-121Secondarydisclosure@vulncheck.com
CWE ID: CWE-121
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-010-direwolf-stack-buffer-overflow-kiss-frame.mddisclosure@vulncheck.com
N/A
https://github.com/wb2osz/direwolf/commit/694c954disclosure@vulncheck.com
N/A
https://github.com/wb2osz/direwolf/issues/617disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/wb2osz-direwolf-stack-based-buffer-overflow-dosdisclosure@vulncheck.com
N/A
Hyperlink: https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-010-direwolf-stack-buffer-overflow-kiss-frame.md
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/wb2osz/direwolf/commit/694c954
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://github.com/wb2osz/direwolf/issues/617
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/wb2osz-direwolf-stack-based-buffer-overflow-dos
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2025-34458
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.15% / 35.27%
||
7 Day CHG+0.01%
Published-22 Dec, 2025 | 21:29
Updated-23 Dec, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wb2osz/direwolf <= 1.8.1 Reachable Assertion DoS

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e() located in src/decode_aprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or truncated comment field, the application triggers an unhandled assertion checking for a non-empty comment. This assertion failure causes immediate process termination, allowing a remote, unauthenticated attacker to cause a denial of service by sending malformed APRS traffic.

Action-Not Available
Vendor-wb2osz
Product-Dire Wolf
CWE ID-CWE-617
Reachable Assertion
CVE-2025-52999
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.03% / 6.74%
||
7 Day CHG-0.01%
Published-25 Jun, 2025 | 17:02
Updated-26 Jun, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

Action-Not Available
Vendor-FasterXML, LLC.
Product-jackson-core
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-46405
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.7||HIGH
EPSS-0.08% / 24.74%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 14:46
Updated-21 Oct, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP APM vulnerability

When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_access_policy_managerBIG-IP
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-11237
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-2.29% / 84.52%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 12:00
Updated-19 Nov, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link VN020 F3v(T) DHCP DISCOVER Packet Parser TP-Thumper stack-based overflow

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-vn020-f3v\(t\)_firmwarevn020-f3v\(t\)VN020 F3v(T)vn020_f3v_firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-37182
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.05% / 15.33%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 20:37
Updated-12 Feb, 2026 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Redir 3.3 - Denial of Service

Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination.

Action-Not Available
Vendor-troglobit
Product-Redir
CWE ID-CWE-121
Stack-based Buffer Overflow
Details not found