CVE-2025-8183
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-08-11
Assigner: GitLab Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| d3tn | ud3tn | 0.14.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8183 is a NULL pointer dereference vulnerability in uD3TN version 0.14.2. It occurs when the software processes a BPv7 bundle whose destination Endpoint Identifier (EID) uses the dtn scheme with a Service Specific Part (SSP) starting with a tilde (~), which denotes a non-singleton endpoint. The function bundle_forward() calls get_node_id() on the destination EID, which returns NULL for tilde-prefixed SSPs. However, bundle_forward() does not check for this NULL value and passes it to fib_lookup_node(), which then calls strlen() on the NULL pointer, causing a segmentation fault and crashing the node. This vulnerability can be triggered remotely by sending a crafted bundle with such an EID, causing a denial-of-service (DoS) condition. [1]
How can this vulnerability impact me? :
This vulnerability allows any unauthenticated remote attacker to cause a denial-of-service (DoS) by crashing a uD3TN node. By sending a specially crafted bundle with a destination EID containing a tilde-prefixed SSP, the attacker can trigger a segmentation fault that immediately crashes the node, disrupting its availability and potentially affecting network operations relying on uD3TN. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or segmentation faults in the uD3TN node when it receives bundles with destination Endpoint Identifiers (EIDs) that have a tilde-prefixed Service Specific Part (SSP), e.g., dtn://node18/~tele. A minimal reproducer involves sending a crafted bundle with such a destination EID to the uD3TN node and observing if it crashes. Specific commands to detect this could include using network tools to send crafted BPv7 bundles with tilde-prefixed SSPs to the node and checking system logs or process status for crashes. However, no exact commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include preventing the uD3TN node from processing bundles with destination EIDs containing tilde-prefixed SSPs, as these trigger the NULL pointer dereference. This could involve filtering or blocking such bundles at the network level or applying patches or updates to uD3TN that fix the improper NULL pointer handling in the bundle_forward() function. Since the vulnerability is caused by unvalidated NULL pointers in forwarding logic, updating to a fixed version of uD3TN when available is recommended. No specific mitigation commands or patches are detailed in the resources. [1]