{"id":"CVE-2024-37310","summary":"EVerest has an integer overflow in the \"v2g_incoming_v2gtp\" function","details":"EVerest is an EV charging software stack. An integer overflow in the \"v2g_incoming_v2gtp\" function in the v2g_server.cpp implementation can allow a remote attacker to cause a heap-based buffer overflow in the process. This vulnerability is fixed in 2024.3.1 and 2024.6.0.","aliases":["GHSA-8g9q-7qr9-vc96"],"modified":"2026-04-12T09:10:30.266430Z","published":"2024-07-10T19:39:36.860Z","database_specific":{"cwe_ids":["CWE-122","CWE-190"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/37xxx/CVE-2024-37310.json"},"references":[{"type":"WEB","url":"https://github.com/EVerest/everest-core/releases/tag/2024.3.1"},{"type":"WEB","url":"https://github.com/EVerest/everest-core/releases/tag/2024.6.0"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/37xxx/CVE-2024-37310.json"},{"type":"ADVISORY","url":"https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37310"},{"type":"FIX","url":"https://github.com/EVerest/everest-core/commit/f73620c4c0f626e1097068a47e10cc27b369ad8e"},{"type":"ARTICLE","url":"https://plaxidityx.com/blog/automotive-cyber-security/ev-cyber-security-plaxidityx-discovers-critical-vulnerability-in-everest-open-source-ev-charging-firmware-stack-cve-2024-37310/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/everest/everest","events":[{"introduced":"0"},{"fixed":"f73620c4c0f626e1097068a47e10cc27b369ad8e"}]},{"type":"GIT","repo":"https://github.com/everest/everest","events":[{"introduced":"0"},{"fixed":"48de33ac9ab5388b7223da60996797f8f7c9e8ed"}]},{"type":"GIT","repo":"https://github.com/everest/everest","events":[{"introduced":"0"},{"fixed":"e9d8f3912d9e834823c8ce6776148a8490a29f54"}]},{"type":"GIT","repo":"https://github.com/everest/everest","events":[{"intro
duced":"0"},{"fixed":"f73620c4c0f626e1097068a47e10cc27b369ad8e"}]},{"type":"GIT","repo":"https://github.com/everest/everest","events":[{"introduced":"0"},{"fixed":"48de33ac9ab5388b7223da60996797f8f7c9e8ed"}]},{"type":"GIT","repo":"https://github.com/everest/everest","events":[{"introduced":"0"},{"fixed":"e9d8f3912d9e834823c8ce6776148a8490a29f54"}]}],"versions":["2022.12.0","2022.12.1","2023.1.0","2023.10.0","2023.12.0","2023.2.0","2023.2.1","2023.3.0","2023.5.0","2023.6.0","2023.7.0","2023.8.0","2023.9.0","2023.9.1","2024.1.0","2024.2.0","2024.3.0","2024.3.0-rc1","2024.3.0-rc2","2024.4.0","2024.5.0","2024.6.0-rc1","2024.6.0-rc2","2024.6.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37310.json","vanir_signatures":[{"deprecated":false,"target":{"file":"modules/EvseV2G/v2g_server.cpp"},"source":"https://github.com/everest/everest/commit/f73620c4c0f626e1097068a47e10cc27b369ad8e","id":"CVE-2024-37310-0489e1b6","digest":{"threshold":0.9,"line_hashes":["98421329210660733041620408925682474019","188991328968786878031145155821002593523","109077466648644733382755224527592264638","33158996296589409571962795484500597848","176368671884491252475034809975154071795","50180581514432767716776976427104106612","21669897119440114750005770894910376251","84214380946127772432311572206014991794"]},"signature_type":"Line","signature_version":"v1"},{"deprecated":false,"target":{"function":"v2g_incoming_v2gtp","file":"modules/EvseV2G/v2g_server.cpp"},"source":"https://github.com/everest/everest/commit/f73620c4c0f626e1097068a47e10cc27b369ad8e","id":"CVE-2024-37310-2402323a","digest":{"length":1433,"function_hash":"332865817036262164220619062645379756431"},"signature_type":"Function","signature_version":"v1"},{"deprecated":false,"target":{"file":"modules/EvseV2G/v2g_server.cpp"},"source":"https://github.com/everest/everest/commit/48de33ac9ab5388b7223da60996797f8f7c9e8ed","id":"CVE-2024-37310-5bd1edc6","digest":{"threshold":0.9,"line_h
ashes":["98421329210660733041620408925682474019","188991328968786878031145155821002593523","109077466648644733382755224527592264638","33158996296589409571962795484500597848","176368671884491252475034809975154071795","50180581514432767716776976427104106612","21669897119440114750005770894910376251","84214380946127772432311572206014991794"]},"signature_type":"Line","signature_version":"v1"},{"deprecated":false,"target":{"function":"v2g_incoming_v2gtp","file":"modules/EvseV2G/v2g_server.cpp"},"source":"https://github.com/everest/everest/commit/48de33ac9ab5388b7223da60996797f8f7c9e8ed","id":"CVE-2024-37310-8406c5f6","digest":{"length":1433,"function_hash":"332865817036262164220619062645379756431"},"signature_type":"Function","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-12T09:10:30Z"}},{"ranges":[{"type":"GIT","repo":"https://github.com/everest/everest-core","events":[{"introduced":"0"},{"fixed":"48de33ac9ab5388b7223da60996797f8f7c9e8ed"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2024.3.1"}]}},{"type":"GIT","repo":"https://github.com/everest/everest-core","events":[{"introduced":"f1ad5ccf33de21e7cb507f6e421bfd3930534630"},{"fixed":"e9d8f3912d9e834823c8ce6776148a8490a29f54"}],"database_specific":{"versions":[{"introduced":"2024.4.0"},{"fixed":"2024.6.0"}]}}],"versions":["2022.12.0","2022.12.1","2023.1.0","2023.10.0","2023.12.0","2023.2.0","2023.2.1","2023.3.0","2023.5.0","2023.6.0","2023.7.0","2023.8.0","2023.9.0","2023.9.1","2024.1.0","2024.2.0","2024.3.0","2024.3.0-rc1","2024.3.0-rc2","2024.4.0","2024.5.0","2024.6.0-rc1","2024.6.0-rc2","2024.6.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37310.json","vanir_signatures":[{"deprecated":false,"target":{"function":"v2g_incoming_v2gtp","file":"modules/EvseV2G/v2g_server.cpp"},"source":"https://github.com/everest/everest-core/commit/48de33ac9ab5388b7223da60996797f8f7c9e8ed","id":"CVE-2024-37310-2ff56837","digest":{"length":14
33,"function_hash":"332865817036262164220619062645379756431"},"signature_type":"Function","signature_version":"v1"},{"deprecated":false,"target":{"file":"modules/EvseV2G/v2g_server.cpp"},"source":"https://github.com/everest/everest-core/commit/48de33ac9ab5388b7223da60996797f8f7c9e8ed","id":"CVE-2024-37310-8095eea6","digest":{"threshold":0.9,"line_hashes":["98421329210660733041620408925682474019","188991328968786878031145155821002593523","109077466648644733382755224527592264638","33158996296589409571962795484500597848","176368671884491252475034809975154071795","50180581514432767716776976427104106612","21669897119440114750005770894910376251","84214380946127772432311572206014991794"]},"signature_type":"Line","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-12T09:10:30Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}