漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state
Vulnerability Description
EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
CVSS Information
N/A
Vulnerability Type
跨界内存写
Vulnerability Title
EVerest 缓冲区错误漏洞
Vulnerability Description
EVerest是EVerest开源的一个电动汽车充电桩的固件。 EVerest 2026.02.0之前版本存在缓冲区错误漏洞,该漏洞源于ISO15118_chargerImpl::handle_session_setup函数将可变长度列表复制到固定大小数组时未进行边界检查,可能导致越界写入、损坏相邻状态或进程崩溃。
CVSS Information
N/A
Vulnerability Type
N/A