VYPR
Unrated severityOSV Advisory· Published Jan 21, 2026· Updated Jan 21, 2026

EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver

CVE-2025-68132

Description

EVerest is an EV charging software stack. Prior to version 2025.12.0, is_message_crc_correct in the DZG_GSH01 powermeter SLIP parser reads vec[vec.size()-1] and vec[vec.size()-2] without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach is_message_crc_correct with vec.size() < 2 (only via the multi-message path), causing an out-of-bounds read before CRC verification and pop_back underflow. Therefore, an attacker controlling the serial input can reliably crash the process. Version 2025.12.0 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Everest/Everest CoreOSV2 versions
    2022.12.0, 2022.12.1, 2023.1.0, …+ 1 more
    • (no CPE)range: 2022.12.0, 2022.12.1, 2023.1.0, …
    • (no CPE)range: <2025.12.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.