VYPR
High severityOSV Advisory· Published Dec 22, 2025· Updated Apr 15, 2026

CVE-2025-34457

CVE-2025-34457

Description

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the function appends a terminating FEND byte without reserving sufficient space in the stack buffer. This results in an out-of-bounds write followed by an out-of-bounds read during the subsequent call to kiss_unwrap(), leading to stack memory corruption or application crashes. This vulnerability may allow remote unauthenticated attackers to trigger a denial-of-service condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Wb2osz/DirewolfOSV2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=1.8

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.

CVE-2025-34457 · High · VYPR