Memory Corruption Vulnerability in OpenV2G
Monitor6.2SSA-736385May 10, 2022
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
OpenV2G V0.9.4 contains a buffer overflow vulnerability that could allow an attacker to trigger memory corruption via local access to the affected software.
What this means
What could happen
Memory corruption could cause the EV charging communication software to crash or behave unpredictably, potentially interrupting charging operations or leaving a charging session in an undefined state.
Who's at risk
Electric utility operators and charging station operators who use OpenV2G-based systems for EV charging infrastructure should be aware of this vulnerability. This impacts any charging management station or backend system running the vulnerable OpenV2G library.
How it could be exploited
An attacker with local access to a system running OpenV2G V0.9.4 could provide specially crafted input to trigger a buffer overflow, causing memory corruption that leads to denial of service or potential code execution.
Prerequisites
- Local access to the system running OpenV2G
- Ability to provide input to the vulnerable code path
buffer overflow vulnerabilitymemory corruptionlocal exploitation requiredlow EPSS score
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
OpenV2GV0.9.40.9.5
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate OpenV2G to version 0.9.5 or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/e1202426-2a0e-478b-9ad2-9232c07379a2