CVE-2025-68132 EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver

EVerest is an EV charging software stack. Prior to version 2025.12.0, ismessagecrccorrect in the DZGGSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach ismessagecrccorrect with...

CVE-2026-22214

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the handlechar function, where incoming frame bytes are appended t...

CVE-2026-22214

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the handlechar function, where incoming frame bytes are appended t...

PT-2026-2323

Name of the Vulnerable Software and Affected Versions RIOT OS versions up to and including 2026.01-devel-317 Description RIOT OS versions up to and including 2026.01-devel-317 have a stack-based buffer overflow issue in the ethos utility. This is due to a lack of bounds checking when handling...

📄 ABB Cylon BACnet MS/TP Kernel Module mstp.ko Out-Of-Bounds Write

A buffer overflow vulnerability exists in the mstp.ko kernel module, responsible for processing BACnet MS/TP frames over serial RS485. The SendFrame function writes directly into a statically sized kernel buffer allocentry0x1f5 without validating the length of attacker-controlled data param5. If ...