Tag

Everest

3 briefs RSS

EVerest CAN Interface Stack Buffer Overflow Vulnerability (CVE-2026-23995)

A stack-based buffer overflow vulnerability exists in EVerest EV charging software stack versions prior to 2026.02.0. Passing an interface name longer than 16 characters to CAN open routines overflows `ifreq.ifr_name`, potentially leading to code execution.

everest buffer-overflow cve-2026-23995 ev-charging

2r 3t Mar 27, 2026

medium advisory

EVerest EV Charging Stack Data Race Vulnerability (CVE-2026-26074)

2 rules

EVerest versions prior to 2026.02.0 exhibit a data race vulnerability (CVE-2026-26074) where concurrent network requests and physical events can corrupt the event queue, leading to potential denial of service or other undefined behavior.

cve-2026-26074 data-race ev-charging everest

2r Mar 26, 2026

critical advisory

EVerest EV Charging Stack Remote Code Execution via Stack Buffer Overflow (CVE-2026-22790)

2 rules 1 TTP 1 IOC

EVerest versions before 2026.02.0 are vulnerable to a stack-based buffer overflow (CVE-2026-22790) in the `HomeplugMessage::setup_payload` function, enabling remote code execution via network frames with oversized SLAC payloads.

everest rce buffer-overflow cve-2026-22790

2r 1t 1i Mar 26, 2026