Unrated severityOSV Advisory· Published Jan 21, 2026· Updated Jan 22, 2026

EVerest affected by memory exhaustion in libocpp

CVE-2025-68138

Description

EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the strdup calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue.

Affected products

Everest/LibocppOSV
Range: v0.1.0, v0.10.0, v0.11.0, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/EVerest/everest-core/security/advisories/GHSA-f8c2-44c3-7v55mitrex_refsource_CONFIRM
github.com/EVerest/libocpp/blob/89c7b62ec899db637f43b54f19af2c4af30cfa66/lib/ocpp/common/websocket/websocket_libwebsockets.cppmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000