CNNVD-202601-3352 Information

CNNVD ID

CNNVD-202601-3352

Related CVE

CVE-2025-68141

• CNNVD Published: 2026-01-21

Description (Chinese)

everest-core是EVerest开源的一个电动汽车充电软件堆栈的主要部分。 everest-core 2025.10.0之前版本存在代码问题漏洞，该漏洞源于反序列化DC_ChargeLoopRes消息时向量访问越界，可能导致空指针取消引用和模块终止。

Description (English)

Veverest-core is the main part of an electric vehicle charging software stack at the EVerest open source. There is a code problem loophole in the pre-everest-core 2025.10.0 version, which stems from the fact that vector access to DC ChargeLoopRes messages crosses the border, which may lead to the elimination of references and the termination of the module from the empty pointer.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

EVerest

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/EVerest/everest-core/security/advisories/GHSA-ph4w-r9q8-vm9h https://access.redhat.com/security/cve/cve-2025-68141

Patch

https://github.com/EVerest/everest-core