Description

EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0.

Related CPE's

Could not find any relations

References

https://github.com/EVerest/everest-core/commit/f73620c4c0f626e1097068a47e10cc27b369ad8e

https://github.com/EVerest/everest-core/releases/tag/2024.3.1

https://github.com/EVerest/everest-core/releases/tag/2024.6.0

https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96

Weaknesses

[email protected]

Secondary
CWE-122CWE-190

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

9 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2024-07-10T20:15:03.790

3 months ago

Last modified

2024-07-11T13:05:54.930

3 months ago