VYPR
High severityOSV Advisory· Published Dec 22, 2025· Updated Apr 15, 2026

CVE-2025-34458

CVE-2025-34458

Description

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e() located in src/decode_aprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or truncated comment field, the application triggers an unhandled assertion checking for a non-empty comment. This assertion failure causes immediate process termination, allowing a remote, unauthenticated attacker to cause a denial of service by sending malformed APRS traffic.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Wb2osz/DirewolfOSV2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=1.8

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.