3 matches found
CVE-2025-68132
CVE-2025-68132 affects EVerest EV charging software stack. The issue lies in the DZG_GSH01 powermeter SLIP parser, where is_message_crc_correct reads vec[vec.size()-1] and vec[vec.size()-2] without verifying that at least two bytes exist. Malformed SLIP frames on the serial link can reach this fu...
CVE-2025-68132 EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver
EVerest is an EV charging software stack. Prior to version 2025.12.0, ismessagecrccorrect in the DZGGSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach ismessagecrccorrect with...
Everest-Core buffer error vulnerability
Everest-core is a major component of the EVerest open-source electric vehicle charging software stack. Versions of everest-core prior to 2025.12.0 contained a buffer error vulnerability. This vulnerability stems from the ismessagecrccorrect function in the DZGGSH01 power meter SLIP parser, which...