Vulnerability Description
EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://github.com/EVerest/everest-core/commit/f73620c4c0f626e1097068a47e10cc27b
- https://github.com/EVerest/everest-core/releases/tag/2024.3.1
- https://github.com/EVerest/everest-core/releases/tag/2024.6.0
- https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96
- https://github.com/EVerest/everest-core/commit/f73620c4c0f626e1097068a47e10cc27b
- https://github.com/EVerest/everest-core/releases/tag/2024.3.1
- https://github.com/EVerest/everest-core/releases/tag/2024.6.0
- https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96
- https://plaxidityx.com/blog/automotive-cyber-security/ev-cyber-security-plaxidit
FAQ
What is CVE-2024-37310?
CVE-2024-37310 is a vulnerability with a CVSS score of 9.0 (CRITICAL). EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This ...
How severe is CVE-2024-37310?
CVE-2024-37310 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-37310?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.