CNNVD-202601-3364 Information

CNNVD ID

CNNVD-202601-3364

CVE-2025-68132

  • CNNVD Published: 2026-01-21

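Description (translated from Chinese)

everest-core is the main part of the open-source EVerest electric vehicle charging software stack. Versions of everest-core before 2025.12.0 contain a buffer error vulnerability. It arises because the is_message_crc_correct function in the DZG_GSH01 power meter SLIP parser does not check that at least two bytes are present, which can lead to an out-of-bounds read and a pop_back underflow, crashing the process.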

Description (English)

everest-core is the main component of EVerest, an open-source electric vehicle charging software stack. Versions before everest-core 2025.12.0 have a buffer error vulnerability, which originates in the is_message_crc_correct function of the DZG_GSH01 power meter SLIP parser: the function fails to check that at least two bytes exist, which could lead to an out-of-bounds read and a pop_back underflow, triggering a process crash.

Hazard Level

Critical

Vulnerability Type

Buffer error

Affected Vendor

EVerest

Published

2026-01-21

Last Modified

2026-02-24

References

  • https://github.com/EVerest/everest-core/commit/b8139b95144e3fe0082789b7fafe4e532ee494a1
  • https://github.com/EVerest/everest-core/security/advisories/GHSA-79gc-m8w6-9hx5
  • https://access.redhat.com/security/cve/cve-2025-68132

Patch

https://github.com/EVerest/everest-core
