4.7

CVE-2025-68138

EVerest affected by memory exhaustion in libocpp

EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxfoundationLibocpp Version < 0.30.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.056
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 4.7 2.8 1.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

https://github.com/EVerest/everest-core/security/advisories/GHSA-f8c2-44c3-7v55
Vendor Advisory
https://github.com/EVerest/libocpp/blob/89c7b62ec899db637f43b54f19af2c4af30cfa66/lib/ocpp/common/websocket/websocket_libwebsockets.cpp
Product