Description

EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0.

Related CPE's

Could not find any relations

References

https://github.com/EVerest/everest-core/commit/f73620c4c0f626e1097068a47e10cc27b369ad8e

https://github.com/EVerest/everest-core/releases/tag/2024.3.1

https://github.com/EVerest/everest-core/releases/tag/2024.6.0

https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96

https://github.com/EVerest/everest-core/commit/f73620c4c0f626e1097068a47e10cc27b369ad8e

https://github.com/EVerest/everest-core/releases/tag/2024.3.1

https://github.com/EVerest/everest-core/releases/tag/2024.6.0

https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96

https://plaxidityx.com/blog/automotive-cyber-security/ev-cyber-security-plaxidityx-discovers-critical-vulnerability-in-everest-open-source-ev-charging-firmware-stack-cve-2024-37310/

Weaknesses

[email protected]

Secondary
CWE-122CWE-190

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

9 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2024-07-10T18:15:03.790Z

1 year ago

Last modified

2024-12-16T00:15:05.320Z

1 year ago