Dire Wolf: Stack-based Buffer Overflow in KISS Frame Processing (src/kiss_frame.c)

Key Vulnerability Information

Advisory ID: MCSAID-2025-010
CVE ID: CVE-2025-34457
Product: Dire Wolf
Reported: 2025-11-04
Published: 2025-11-16
Fixed: Commit 694c95485b21c1c22bc4682703771dec4d7a374b
Severity: High (Memory corruption / crash)
CWE: CWE-121: Stack-based Buffer Overflow
Discovered by: Vlatko Kosturjak of Marlink Cyber

Summary

A stack-based buffer overflow vulnerability exists in the function within the file . The vulnerability occurs when processing KISS frames that reach . The function writes a terminating FEND byte beyond the allocated buffer, causing memory corruption and potential crashes.

Affected Versions

Technical Details

In the function, non-FEND bytes are accumulated up to the limit. The original check at line 485 does not account for the final FEND terminator byte, leading to overflow. The upstream patch modifies the boundary check to reserve space for the final byte.

Impact

Primary impact: Denial of Service (crash)
Secondary impact: Potential control-flow corruption
Attack Vector: Network (malicious KISS TCP clients)
CVSS v3.1 Base Score: 7.5 (High)

Fix / Mitigation

1. Upgrade to a version including commit or later.
2. Backport the fix by applying the single-line change in at line 485.
3. Restrict access to the KISS TCP port to trusted clients only.
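
The off-by-one described under Technical Details, shown as an added example that is not Dire Wolf's code or part of the advisory. It is a simplified model: FRAME_MAX, kiss_acc, acc_byte and guard_clobbered are hypothetical names, and a guard byte placed after the logical buffer makes the stray FEND write observable without corrupting memory.

```c
#include <stdio.h>
#include <string.h>

#define FEND      0xC0  /* KISS frame delimiter */
#define FRAME_MAX 16    /* assumed small limit, for the demo only */
#define CANARY    0xAA

/* buf[0..FRAME_MAX-1] is the logical frame buffer; buf[FRAME_MAX] is a
   guard byte standing in for whatever follows the buffer on the stack. */
struct kiss_acc {
    unsigned char buf[FRAME_MAX + 1];
    size_t len;
};

/* reserve = 0: data bytes may fill the whole buffer (the flawed check).
   reserve = 1: one slot is kept free for the terminating FEND. */
static void acc_byte(struct kiss_acc *a, unsigned char b, size_t reserve) {
    if (b == FEND) {
        a->buf[a->len++] = FEND;   /* terminator is stored unconditionally */
        return;
    }
    if (a->len < FRAME_MAX - reserve)
        a->buf[a->len++] = b;      /* bytes past the limit are dropped */
}

/* Feed n data bytes followed by FEND; return 1 if the guard was overwritten. */
static int guard_clobbered(size_t n, size_t reserve) {
    struct kiss_acc a;
    memset(a.buf, CANARY, sizeof a.buf);
    a.len = 0;
    for (size_t i = 0; i < n; i++)
        acc_byte(&a, 0x41, reserve);
    acc_byte(&a, FEND, reserve);
    return a.buf[FRAME_MAX] != CANARY;
}

int main(void) {
    printf("no reserved byte: guard clobbered = %d\n", guard_clobbered(FRAME_MAX, 0));
    printf("reserved byte:    guard clobbered = %d\n", guard_clobbered(FRAME_MAX, 1));
    return 0;
}
```

A frame shorter than the limit never triggers the write past the buffer, so a regression test for the fix needs an input that reaches the limit exactly or exceeds it.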