CVE-2025-68138

MEDIUM

4.7

Descripcion

EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue.

Detalles CVE

Puntuacion CVSS v3.14.7

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Vector de ataqueADJACENT_NETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado1/21/2026

Ultima modificacion2/6/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

linuxfoundation:libocpp

Debilidades (CWE)

CWE-770

Referencias

https://github.com/EVerest/everest-core/security/advisories/GHSA-f8c2-44c3-7v55(security-advisories@github.com)

https://github.com/EVerest/libocpp/blob/89c7b62ec899db637f43b54f19af2c4af30cfa66/lib/ocpp/common/websocket/websocket_libwebsockets.cpp(security-advisories@github.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.