CVE-2025-34458
Assertion Failure in Dire Wolf APRS MIC-E Decoder Causes DoS
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wb2osz | direwolf | 1.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34458 is a reachable assertion vulnerability in the Dire Wolf APRS software, specifically in the aprs_mic_e() function that decodes MIC-E messages within AX.25 frames. When the software processes a specially crafted AX.25 frame containing a MIC-E message with an empty or truncated comment field, an assertion checking for a non-empty comment fails. This causes the application to terminate immediately, resulting in a denial of service. The root cause is the lack of validation for the comment field length before the assertion, allowing an attacker to crash the process by sending malformed APRS traffic. [1, 2]
How can this vulnerability impact me? :
This vulnerability allows a remote, unauthenticated attacker to cause a denial of service (DoS) by sending specially crafted malformed APRS frames to any Dire Wolf component that uses the vulnerable decode_aprs function. The assertion failure causes the process to abort and crash immediately, disrupting the availability of the affected application or service. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or process terminations of the Dire Wolf application when it processes APRS traffic. Specifically, look for instances where the application aborts due to assertion failures related to the MIC-E comment field. A practical approach is to capture AX.25 frames on the network and analyze them for MIC-E messages with empty or truncated comment fields. Using packet capture tools like tcpdump or Wireshark to filter AX.25 frames can help identify suspicious packets. Additionally, running the decode_aprs executable with crafted or captured AX.25 frames and observing if it triggers assertion failures can confirm the presence of the vulnerability. For example, you can use commands like `tcpdump -i <interface> -w capture.pcap ax25` to capture AX.25 frames, then analyze or replay them against the vulnerable decode_aprs binary to detect crashes. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating Dire Wolf to a version that includes the fix from commit 3658a87, which replaces the vulnerable assertion with safer conditional checks to prevent crashes. If updating is not immediately possible, consider filtering or blocking malformed AX.25 frames containing MIC-E messages with empty or truncated comment fields at the network boundary to prevent them from reaching the vulnerable application. Monitoring and restarting the Dire Wolf process automatically upon crashes can also reduce downtime. Ultimately, applying the patch or upgrading to a fixed version is the recommended action to fully mitigate the denial of service vulnerability. [2, 3]