CVE-2025-34458

22.12.2025, 22:16

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e() located in src/decode_aprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or truncated comment field, the application triggers an unhandled assertion checking for a non-empty comment. This assertion failure causes immediate process termination, allowing a remote, unauthenticated attacker to cause a denial of service by sending malformed APRS traffic.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
VulnCheck	CNA	---	---
CISA-ADP	ADP	---	---

Base Score

CVSS 3.x

EPSS Score

Percentile: 27%

Debian Releases

Debian Product

Codename

direwolf

bullseye	unimportant
bookworm	unimportant
trixie	unimportant
forky	unimportant
sid	1.8.1+dfsg-2 fixed

Common Weakness Enumeration

CWE-617 - Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-010-direwolf-stack-buffer-overflow-kiss-frame.md

https://github.com/wb2osz/direwolf/commit/3658a87

https://github.com/wb2osz/direwolf/issues/618

https://www.vulncheck.com/advisories/wb2osz-direwolf-reachable-assertion-dos