Source: direwolf Version: 1.8.1+dfsg-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerabilities were published for direwolf. CVE-2025-34457[0]: | wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior | to commit 694c954, contain a stack-based buffer overflow | vulnerability in the function kiss_rec_byte() located in | src/kiss_frame.c. When processing crafted KISS frames that reach the | maximum allowed frame length (MAX_KISS_LEN), the function appends a | terminating FEND byte without reserving sufficient space in the | stack buffer. This results in an out-of-bounds write followed by an | out-of-bounds read during the subsequent call to kiss_unwrap(), | leading to stack memory corruption or application crashes. This | vulnerability may allow remote unauthenticated attackers to trigger | a denial-of-service condition. CVE-2025-34458[1]: | wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior | to commit 3658a87, contain a reachable assertion vulnerability in | the APRS MIC-E decoder function aprs_mic_e() located in | src/decode_aprs.c. When processing a specially crafted AX.25 frame | containing a MIC-E message with an empty or truncated comment field, | the application triggers an unhandled assertion checking for a non- | empty comment. This assertion failure causes immediate process | termination, allowing a remote, unauthenticated attacker to cause a | denial of service by sending malformed APRS traffic. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-34457 https://www.cve.org/CVERecord?id=CVE-2025-34457 [1] https://security-tracker.debian.org/tracker/CVE-2025-34458 https://www.cve.org/CVERecord?id=CVE-2025-34458 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
