Critical severity9.0NVD Advisory· Published Jul 10, 2024· Updated Apr 15, 2026

CVE-2024-37310

Description

EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0.

Patches

f73620c4c0f6

https://github.com/everest/everestvia osv

48de33ac9ab5

https://github.com/everest/everestvia osv

e9d8f3912d9e

https://github.com/everest/everestvia osv

48de33ac9ab5

https://github.com/everest/everest-corevia osv

e9d8f3912d9e

https://github.com/everest/everest-corevia osv

f73620c4c0f6

https://github.com/everest/everest-corevia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/EVerest/everest-core/commit/f73620c4c0f626e1097068a47e10cc27b369ad8envd
github.com/EVerest/everest-core/releases/tag/2024.3.1nvd
github.com/EVerest/everest-core/releases/tag/2024.6.0nvd
github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96nvd
plaxidityx.com/blog/automotive-cyber-security/ev-cyber-security-plaxidityx-discovers-critical-vulnerability-in-everest-open-source-ev-charging-firmware-stack-cve-2024-37310/nvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.002
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000