high advisory

EVerest CAN Interface Stack Buffer Overflow Vulnerability (CVE-2026-23995)

A stack-based buffer overflow vulnerability exists in EVerest EV charging software stack versions prior to 2026.02.0. Passing an interface name longer than 16 characters to CAN open routines overflows `ifreq.ifr_name`, potentially leading to code execution.

EVerest is an open-source software stack for electric vehicle (EV) charging infrastructure. A stack-based buffer overflow vulnerability, tracked as CVE-2026-23995, affects versions prior to 2026.02.0. The vulnerability stems from improper handling of CAN (Controller Area Network) interface names during initialization. Specifically, when an interface name exceeding `IFNAMSIZ` (16 bytes) is supplied to CAN open routines, the `ifreq.ifr_name` buffer overflows, potentially corrupting adjacent stack…

Detection coverage 2

Detect Suspicious CAN Interface Names

high

Detects potentially malicious CAN interface names in system configurations that exceed the allowed length.

sigma; tactics: execution; techniques: T1203; sources: file_event, linux

Detect Everest Process Crash due to Signal 11

medium

Detects potential EVerest process crashes related to the buffer overflow by monitoring for signal 11 (SIGSEGV).

sigma; tactics: impact; techniques: T1499; sources: process_creation, linux
