CVE-2022-27242

Name of the Vulnerable Software and Affected Versions OpenV2G version 0.9.4

Description A vulnerability has been identified in the OpenV2G EXI parsing feature, which is missing a length check when parsing X509 serial numbers. This allows an attacker to introduce a buffer overflow, leading to memory corruption. The issue is related to the implementation of the EXI file parsing function, which can cause a buffer overflow when checking the length of X509 certificate serial numbers, potentially allowing an attacker to cause a denial of service.

Recommendations For OpenV2G version 0.9.4, consider disabling the EXI parsing feature until a patch is available to prevent potential buffer overflow attacks. Restrict access to the EXI parsing module to minimize the risk of exploitation. Avoid using the EXI parsing feature for X509 serial number parsing until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.