A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.
[
{
"product": "OpenV2G",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V0.9.4"
}
]
}
]