Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver
Vulnerability Description
EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach `is_message_crc_correct` with `vec.size() < 2` (only via the multi-message path), causing an out-of-bounds read before CRC verification and `pop_back` underflow. Therefore, an attacker controlling the serial input can reliably crash the process. Version 2025.12.0 fixes the issue.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
everest-core 缓冲区错误漏洞
Vulnerability Description
everest-core是EVerest开源的一个电动汽车充电软件堆栈的主要部分。 everest-core 2025.12.0之前版本存在缓冲区错误漏洞,该漏洞源于DZG_GSH01功率计SLIP解析器中的is_message_crc_correct函数未检查至少存在两个字节,可能导致越界读取和pop_back下溢,引发进程崩溃。
CVSS Information
N/A
Vulnerability Type
N/A