Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
EVerest's ISO15118 update_energy_transfer_modes overflow can corrupt EVSE state
Vulnerability Description
EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
CVSS Information
N/A
Vulnerability Type
跨界内存写
Vulnerability Title
EVerest 缓冲区错误漏洞
Vulnerability Description
EVerest是EVerest开源的一个电动汽车充电桩的固件。 EVerest 2026.02.0之前版本存在缓冲区错误漏洞,该漏洞源于ISO15118_chargerImpl::handle_update_energy_transfer_modes函数将可变长度列表复制到固定大小数组时未进行边界检查,可能导致越界写入、损坏相邻状态或进程崩溃。
CVSS Information
N/A
Vulnerability Type
N/A