CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description (NVD)
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.
Analysis (AI)
A buffer overflow in the AuxJack function of striso-control-firmware commit 54c9722 allows an unauthenticated network attacker to crash the device (remote denial of service). Despite the high CVSS 7.5 score, the impact is limited to availability (no code execution, data theft, or privilege escalation), and the vulnerability affects an unversioned development commit of specialized musical instrument firmware with a narrow user base. No public exploit code or indicators of active exploitation were identified at the time of analysis.
Technical Context (AI)
This vulnerability affects striso-control-firmware, the firmware for the Striso Board, a specialized electronic musical instrument. The buffer overflow (CWE-121) occurs in the AuxJack function, which likely handles auxiliary jack input/output or communication. CWE-121 denotes a stack-based buffer overflow, in which data written to a buffer exceeds its allocated boundary on the call stack. The affected code is identified by git commit hash 54c9722 rather than a semantic version number, indicating development firmware. The network attack vector (AV:N) combined with low attack complexity (AC:L) suggests that the vulnerable endpoint accepts network input without adequate bounds checking, so a malformed packet can overflow the buffer. Given the device's role as a musical controller, the network interface likely processes MIDI-over-network, OSC (Open Sound Control), or similar music protocol traffic.
Remediation (AI)
Update striso-control-firmware to a version newer than commit 54c9722 that addresses the AuxJack buffer overflow. Users should check the GitHub repository at github.com/striso/striso-control-firmware/issues/6 for the vendor response and patch availability, then rebuild and reflash the firmware from a commit that includes the fix. As of this analysis, no specific patched version number or release tag has been independently confirmed. If an immediate firmware update is not feasible, apply network-level compensating controls: restrict network access to the Striso Board by placing it on an isolated VLAN or behind a firewall that permits only trusted music production workstations to communicate with it, and block unsolicited inbound traffic to its MIDI/OSC ports. This reduces the attack surface but may limit legitimate network music collaboration features. For devices exposed to untrusted networks (public performances, shared studios), consider disabling network MIDI/OSC features entirely and using only USB or hardware MIDI connections until a confirmed patch is applied, accepting that this removes wireless control capabilities.
Related Identifiers
EUVD-2025-209826
GHSA-v25w-59mf-2w8h