漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
EVerest: ISO15118 session_setup use-after-free can crash EVSE process
Vulnerability Description
EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker with MQTT access who issues a session_setup command while v2g_ctx has been released. Version 2026.02.0 contains a patch.
CVSS Information
N/A
Vulnerability Type
释放后使用
Vulnerability Title
EVerest 资源管理错误漏洞
Vulnerability Description
EVerest是EVerest开源的一个电动汽车充电桩的固件。 EVerest 2026.02.0之前版本存在资源管理错误漏洞,该漏洞源于ISO15118_chargerImpl::handle_session_setup函数在ISO15118初始化失败后使用了已释放的v2g_ctx,可能导致远程崩溃。
CVSS Information
N/A
Vulnerability Type
N/A