Home > Vulnerability Database > CVE-2024-37310

Mend.io Vulnerability Database

CVE-2024-37310

Date: July 10, 2024

EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0.

Language: C++

Severity Score

9.0

Related Resources (7)

Url: https://github.com/EVerest/everest-core/commit/f73620c4c0f626e1097068a47e10cc27b369ad8e

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-37310

Url: https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96

Url: https://github.com/EVerest/everest-core/releases/tag/2024.6.0

Url: https://plaxidityx.com/blog/automotive-cyber-security/ev-cyber-security-plaxidityx-discovers-critical-vulnerability-in-everest-open-source-ev-charging-firmware-stack-cve-2024-37310/

Url: https://github.com/EVerest/everest-core/releases/tag/2024.3.1

Url: https://www.mend.io/vulnerability-database/CVE-2024-37310

Severity Score

9.0

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Heap-based Buffer Overflow

CWE-122

CVSS v3.1

Base Score:	9.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-37310

Date: July 10, 2024

Language: C++

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?