EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtracted by the header length which results in a negative value. This value is then interpreted as `SIZE_MAX` (or slightly less) because the expected type of the argument is `size_t`. Depending on whether the server is plain TCP or TLS, this leads to either an infinite loop or a stack buffer overflow. Version 2025.10.0 fixes the issue.

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

everest-core 安全漏洞

everest-core是EVerest开源的一个电动汽车充电软件堆栈的主要部分。 everest-core 2025.10.0之前版本存在安全漏洞，该漏洞源于SdpPacket::parse_header函数中存在整数溢出，可能导致无限循环或栈缓冲区溢出。

N/A

N/A