PT-2026-28323 · Everest · Everest
Finder16
·
Publicado
2026-03-26
·
Atualizado
2026-03-29
·
CVE-2026-22593
CVSS v3.1
8.4
Alta
| Vetor | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
EVerest versions prior to 2026.02.0
Description
EVerest is an EV charging software stack. A flaw exists in IsoMux certificate filename handling due to an off-by-one check. This can lead to a stack-based buffer overflow when a filename length equals
MAX FILE NAME LENGTH (100). A crafted filename within the certificate directory can overflow file names[idx], potentially corrupting stack state and enabling code execution.Recommendations
Versions prior to 2026.02.0 should be updated to version 2026.02.0 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Everest