Vlatko Kosturjak

**Name of the Vulnerable Software and Affected Versions** wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954 **Description** The software contains a stack-based buffer overflow issue in the `kiss rec byte()` function, found in src/kiss frame.c. Processing specially crafted KISS frames reaching the maximum allowed frame length (MAX KISS LEN) causes the function to append a terminating FEND byte without allocating enough space in the stack buffer. This leads to an out-of-bounds write and subsequent out-of-bounds read during the call to `kiss unwrap()`, resulting in stack memory corruption or application crashes. This may allow remote, unauthenticated attackers to cause a denial-of-service condition. **Recommendations** Update wb2osz/direwolf (Dire Wolf) to a version later than 1.8 and including commit 694c954.

**Name of the Vulnerable Software and Affected Versions** wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87 **Description** The software contains a reachable assertion issue in the APRS MIC-E decoder function `aprs mic e()` located in src/decode aprs.c. Processing a specially crafted AX.25 frame with a MIC-E message containing an empty or truncated comment field triggers an unhandled assertion. This assertion failure causes the application to terminate, resulting in a denial of service. A remote, unauthenticated attacker can cause this by sending malformed APRS traffic. **Recommendations** Update to a version after commit 3658a87.

**Name of the Vulnerable Software and Affected Versions** merbanan/rtl 433 versions up to and including 25.02 and prior to commit 25e47f8 **Description** The software contains a stack-based buffer overflow in the `parse rfraw()` function, located in `src/rfraw.c`. Processing crafted or excessively large raw RF input data can cause the application to write beyond the bounds of a stack buffer, leading to memory corruption or a crash. This can result in a denial of service and, potentially, further exploitation depending on the environment. **Recommendations** Update to a version after commit 25e47f8.

**Name of the Vulnerable Software and Affected Versions** rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 **Description** The software contains a stack-based buffer overflow in the `proxy from string()` function, located in src/libproxychains.c. This occurs when parsing proxy configuration entries with excessively long `username` or `password` fields. The application may write beyond the bounds of stack buffers, potentially causing memory corruption or crashes. This may lead to denial of service and, depending on the environment, could be leveraged for further exploitation. **Recommendations** Update to a version after commit cc005b7.