Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
EVerest vulnerable to concatenation of strings literal and integers
Vulnerability Description
EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointers arithmetic instead of printing the integer value as expected, like most of interpreted languages. This can be used by malicious operator to read unintended memory regions, including the heap and the stack. Version 2025.9.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
使用字符串连接创建不可变文本
Vulnerability Title
everest-core 安全漏洞
Vulnerability Description
everest-core是EVerest开源的一个电动汽车充电软件堆栈的主要部分。 everest-core 2025.9.0之前版本存在安全漏洞,该漏洞源于在抛出错误时将整数值与字符串字面量连接,可能导致读取意外内存区域。
CVSS Information
N/A
Vulnerability Type
N/A