diff --git a/MMDVMHost/0004-fix-bufferoverflow.patch b/MMDVMHost/0004-fix-bufferoverflow.patch
new file mode 100644
index 0000000..a28e226
--- /dev/null
+++ b/MMDVMHost/0004-fix-bufferoverflow.patch
@@ -0,0 +1,49 @@
+commit bab1b2ca3c80dc97cfeec23df291064147e4c013
+Author: Rick Altherr <kc8apf@kc8apf.net>
+Date:   Mon Jun 24 15:21:42 2024 -0700
+
+    Fix buffer overflow in Log
+    
+    Log line prefix is written to the buffer before the log message.  While
+    the buffer start was being adjusted when writing the log message via
+    vsnprintf(), the buffer size was not.  This would allow a log message to
+    write past the end of the stack-allocated buffer.
+
+diff --git a/Log.cpp b/Log.cpp
+index 752601e..9c94b0f 100644
+--- a/Log.cpp
++++ b/Log.cpp
+@@ -149,25 +149,29 @@ void Log(unsigned int level, const char* fmt, ...)
+ {
+ 	assert(fmt != NULL);
+ 
+-	char buffer[501U];
++	size_t buffer_len = 501U;
++	char buffer[buffer_len];
++	int count;
+ #if defined(_WIN32) || defined(_WIN64)
+ 	SYSTEMTIME st;
+ 	::GetSystemTime(&st);
+ 
+-	::sprintf(buffer, "%c: %04u-%02u-%02u %02u:%02u:%02u.%03u ", LEVELS[level], st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
++	count = ::snprintf(buffer, buffer_len, "%c: %04u-%02u-%02u %02u:%02u:%02u.%03u ", LEVELS[level], st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond, st.wMilliseconds);
+ #else
+ 	struct timeval now;
+ 	::gettimeofday(&now, NULL);
+ 
+ 	struct tm* tm = ::gmtime(&now.tv_sec);
+ 
+-	::sprintf(buffer, "%c: %04d-%02d-%02d %02d:%02d:%02d.%03lld ", LEVELS[level], tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, now.tv_usec / 1000LL);
++	count = ::snprintf(buffer, buffer_len, "%c: %04d-%02d-%02d %02d:%02d:%02d.%03lld ", LEVELS[level], tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, now.tv_usec / 1000LL);
+ #endif
++	assert(count >= 0);
++	buffer_len -= count;
+ 
+ 	va_list vl;
+ 	va_start(vl, fmt);
+ 
+-	::vsnprintf(buffer + ::strlen(buffer), 500, fmt, vl);
++	::vsnprintf(buffer + count, buffer_len, fmt, vl);
+ 
+ 	va_end(vl);
+ 
diff --git a/MMDVMHost/default.nix b/MMDVMHost/default.nix
index 6233cb6..a533188 100644
--- a/MMDVMHost/default.nix
+++ b/MMDVMHost/default.nix
@@ -15,6 +15,7 @@ stdenv.mkDerivation {
     ./0001-patch-install-path.patch
     ./0002-fix-missing-include.patch
     ./0003-fix-null-controller.patch
+    ./0004-fix-bufferoverflow.patch
   ];
 
 }