Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: direwolf

Found 3 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-32458
7.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 1 month ago
WordPress WOLF plugin <= 1.0.8.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7.

Affected products

bulk-editor
  • =<<= 1.0.8.7

Matching in nixpkgs

pkgs.ecwolf

Enhanched SDL-based port of Wolfenstein 3D for various platforms

pkgs.wolfssl

Small, fast, portable implementation of TLS/SSL for embedded devices

pkgs.direwolf

Soundcard Packet TNC, APRS Digipeater, IGate, APRStt gateway

pkgs.wolfebin

Quick and easy file sharing

  • nixos-unstable 5.6
    • nixpkgs-unstable 5.6
    • nixos-unstable-small 5.6
  • nixos-25.11 5.6
    • nixos-25.11-small 5.6
    • nixpkgs-25.11-darwin 5.6

pkgs.wolf-shaper

Waveshaper plugin with spline-based graph editor

pkgs.wolfram-notebook

None

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small
  • nixos-25.11 -
    • nixos-25.11-small
    • nixpkgs-25.11-darwin

pkgs.wolfstoneextract

Utility to extract Wolfstone data from Wolfenstein II

  • nixos-unstable 1.2
    • nixpkgs-unstable 1.2
    • nixos-unstable-small 1.2
  • nixos-25.11 1.2
    • nixos-25.11-small 1.2
    • nixpkgs-25.11-darwin 1.2

Package maintainers

Permalink CVE-2025-34457
created 3 months, 3 weeks ago
wb2osz/direwolf <= 1.8 Stack-based Buffer Overflow DoS

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the function appends a terminating FEND byte without reserving sufficient space in the stack buffer. This results in an out-of-bounds write followed by an out-of-bounds read during the subsequent call to kiss_unwrap(), leading to stack memory corruption or application crashes. This vulnerability may allow remote unauthenticated attackers to trigger a denial-of-service condition.

Affected products

direwolf
  • =<1.8.1
  • =<1.8
  • ==commit 694c954

Matching in nixpkgs

pkgs.direwolf

Soundcard Packet TNC, APRS Digipeater, IGate, APRStt gateway

  • nixos-unstable 1.7
    • nixpkgs-unstable 1.7
    • nixos-unstable-small 1.7
  • nixos-25.11 1.7
    • nixpkgs-25.11-darwin 1.7

Package maintainers

Permalink CVE-2025-34458
created 3 months, 3 weeks ago
wb2osz/direwolf <= 1.8 Reachable Assertion DoS

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e() located in src/decode_aprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or truncated comment field, the application triggers an unhandled assertion checking for a non-empty comment. This assertion failure causes immediate process termination, allowing a remote, unauthenticated attacker to cause a denial of service by sending malformed APRS traffic.

Affected products

direwolf
  • =<1.8.1
  • =<1.8
  • ==commit 3658a87

Matching in nixpkgs

pkgs.direwolf

Soundcard Packet TNC, APRS Digipeater, IGate, APRStt gateway

  • nixos-unstable 1.7
    • nixpkgs-unstable 1.7
    • nixos-unstable-small 1.7
  • nixos-25.11 1.7
    • nixpkgs-25.11-darwin 1.7

Package maintainers