CVE-2024-37310

July 10, 2024, 8:15 p.m.

9.0
Critical

Description

EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0.

Product(s) Impacted

Product Versions
EVerest EV charging software stack
  • ['2024.3.1', '2024.6.0']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References

https://github.com/EVerest/everest-core/commit/f73620c4c0f626e1097068a47e10cc27b369ad8e
https://github.com/EVerest/everest-core/releases/tag/2024.3.1
https://github.com/EVerest/everest-core/releases/tag/2024.6.0
https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96

Tags

security-advisories@github.com
CWE-122
2024-07-10
CVE-2024-37310

CVSS Score

9.0 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

    View Vector String

Timeline

Published: July 10, 2024, 8:15 p.m.
Last Modified: July 10, 2024, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.