PT-2024-27469 · Everest · Everest

Shaqed · Published 2024-07-10 · Updated 2024-12-16 · CVE-2024-37310

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

EVerest versions prior to 2024.3.1
EVerest versions prior to 2024.6.0

Description

EVerest is an EV charging software stack. An integer overflow in the v2g_incoming_v2gtp function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap.

Recommendations

For versions prior to 2024.3.1, update to version 2024.3.1 or later. For versions prior to 2024.6.0, update to version 2024.6.0 or later. As a temporary workaround, consider disabling the v2g_incoming_v2gtp function until a patch is available.

Exploit

Fix

Integer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-37310
GHSA-8G9Q-7QR9-VC96

Affected Products

Everest