CVE-2025-34458

UNKNOWN 0.0

wb2osz/direwolf <= 1.8.1 Reachable Assertion DoS

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e() located in src/decode_aprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or truncated comment field, the application triggers an unhandled assertion checking for a non-empty comment. This assertion failure causes immediate process termination, allowing a remote, unauthenticated attacker to cause a denial of service by sending malformed APRS traffic.

CWE	CWE-617
Vendor	wb2osz
Product	dire wolf
Published	Dec 22, 2025
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for wb2osz dire wolf

Be the first to know when new unknown vulnerabilities affecting wb2osz dire wolf are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

wb2osz / Dire Wolf

0 ≤ 1.8.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-010-direwolf-stack-buffer-overflow-kiss-frame.md github.com: https://github.com/wb2osz/direwolf/issues/618 github.com: https://github.com/wb2osz/direwolf/commit/3658a87 vulncheck.com: https://www.vulncheck.com/advisories/wb2osz-direwolf-reachable-assertion-dos

Credits

Vlatko Kosturjak with Marlink Cyber