NIXPKGS-2026-0005

published on 11 Jan 2026

Permalink CVE-2025-34458

updated 1 month, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 1 week ago
@LeSuisse accepted 1 month, 1 week ago
@LeSuisse published on GitHub 1 month, 1 week ago

wb2osz/direwolf <= 1.8 Reachable Assertion DoS

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e() located in src/decode_aprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or truncated comment field, the application triggers an unhandled assertion checking for a non-empty comment. This assertion failure causes immediate process termination, allowing a remote, unauthenticated attacker to cause a denial of service by sending malformed APRS traffic.

Affected products

direwolf

=<1.8
=<1.8.1
==commit 3658a87

Matching in nixpkgs

pkgs.direwolf

Soundcard Packet TNC, APRS Digipeater, IGate, APRStt gateway

nixos-unstable 1.7
- nixpkgs-unstable 1.7
- nixos-unstable-small 1.7

pkgs.direwolf-unstable

Soundcard Packet TNC, APRS Digipeater, IGate, APRStt gateway

nixos-unstable 1.8.1-unstable-2025-11-16
- nixpkgs-unstable 1.8.1-unstable-2025-11-16
- nixos-unstable-small 1.8.1-unstable-2025-11-16

Package maintainers

@sarcasticadmin Robert James Hernandez <rob@sarcasticadmin.com>
@lasandell Luke Sandell <lasandell@gmail.com>
@Pandapip1 Gavin John <gavinnjohn@gmail.com>

Patch: https://github.com/wb2osz/direwolf/commit/3658a878920803bbb69a4567579dcc4d6cb80a92

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0005

Affected products

Matching in nixpkgs

pkgs.direwolf

pkgs.direwolf-unstable

Package maintainers