CVE-2022-24700 – A buffer overflow vulnerability in WinAPRS 2.9.... (How to Fix)

Q: What is the severity of CVE-2022-24700?

CVE-2022-24700 has a CVSS score of 7.5 (HIGH). A buffer overflow vulnerability in WinAPRS 2.9.0 allows remote attackers to crash the daemon by sending malicious AX.25 packets over VHF radio. This affects users running unsupported versions of WinAPRS for amateur radio packet communication. The vulnerability is specific to DIGI address processing in KISS packets.

📋 TL;DR

A buffer overflow vulnerability in WinAPRS 2.9.0 allows remote attackers to crash the daemon by sending malicious AX.25 packets over VHF radio. This affects users running unsupported versions of WinAPRS for amateur radio packet communication. The vulnerability is specific to DIGI address processing in KISS packets.

💻 Affected Systems

Products:

WinAPRS

Versions: 2.9.0

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects WinAPRS installations processing VHF KISS packets with DIGI addressing. Requires attacker access to transmit over amateur radio frequencies.

📦 What is this software?

Winaprs by Winaprs

View all CVEs affecting Winaprs →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Persistent denial of service rendering the WinAPRS service unavailable, potentially disrupting amateur radio packet communication networks.

🟠

Likely Case

Intermittent daemon crashes requiring manual restart, disrupting APRS packet forwarding and position reporting.

🟢

If Mitigated

No impact if vulnerable software is not exposed to malicious packet sources or if workarounds are implemented.

🌐 Internet-Facing: LOW (This is a VHF radio protocol vulnerability, not internet-facing)

🏢 Internal Only: MEDIUM (Risk exists within amateur radio networks where malicious packets could be transmitted)

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires radio transmission capability but no authentication. Proof of concept demonstrated in referenced blog posts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: N/A

Restart Required: No

Instructions:

No official patch available as WinAPRS is no longer supported. Consider migrating to alternative APRS software.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate WinAPRS systems from untrusted radio sources using physical separation or trusted repeater networks only.

Monitoring and Restart Script

windows

Implement automated monitoring to detect crashes and restart the WinAPRS service.

🧯 If You Can't Patch

Replace WinAPRS with actively maintained alternative APRS software
Implement strict radio network controls to only accept packets from trusted sources

🔍 How to Verify

Check if Vulnerable:

Check WinAPRS version in Help > About menu. Version 2.9.0 is vulnerable.

Check Version:

Check WinAPRS GUI: Help > About

Verify Fix Applied:

Since no patch exists, verification involves confirming migration to alternative software or implementation of workarounds.

📡 Detection & Monitoring

Log Indicators:

WinAPRS service crash logs
Unexpected termination events in Windows Event Viewer

Network Indicators:

Unusual AX.25 packet patterns on VHF frequencies
Malformed DIGI addresses in packet captures

SIEM Query:

EventID: 1000 OR 1001 Source: WinAPRS.exe (Windows Event Log)

📊 Metadata

CVE ID: CVE-2022-24700

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-120

Published: June 2, 2022

Last Updated: November 21, 2024

🔗 References

https://winaprs.com/ Product,Vendor Advisory
https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1 Exploit,Third Party Advisory
https://winaprs.com/ Product,Vendor Advisory
https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part1 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-24700, you might also want to check these: