exploitDog

CVE-2023-49955

Опубликовано: 07 дек. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor's perspective is "OCPP.Core is intended for use in a protected environment/network."

Ссылки

https://github.com/dallmann-consulting/OCPP.Core/issues/32
Exploit
Issue Tracking
Vendor Advisory
https://github.com/dallmann-consulting/OCPP.Core/issues/32
Exploit
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dallmann-consulting:open_charge_point_protocol:*:*:*:*:*:*:*:*

Версия до 1.2.0 (исключая)

EPSS

Процентиль: 59%

0.00379

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-r83w-76v6-vh75

CVSS3: 7.5

github

около 2 лет назад

An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor's perspective is "OCPP.Core is intended for use in a protected environment/network."

EPSS

Процентиль: 59%

0.00379

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo