A vulnerability has been identified in OpenV2G (V0.9.4).... · CVE-2022-27242 · GitHub Advisory Database · GitHub

A vulnerability has been identified in OpenV2G (V0.9.4)....

Moderate severity Unreviewed Published May 21, 2022 to the GitHub Advisory Database • Updated Jan 28, 2023

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.

References

Published by the National Vulnerability Database

May 20, 2022

Published to the GitHub Advisory Database May 21, 2022

Last updated Jan 28, 2023

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H