Описание
A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.6 (исключая)
cpe:2.3:a:siemens:openv2g:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00134
Низкий
6.2 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-120
Связанные уязвимости
CVSS3: 6.2
github
12 месяцев назад
A vulnerability has been identified in OpenV2G (All versions < V0.9.6). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.
EPSS
Процентиль: 33%
0.00134
Низкий
6.2 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-120