Primary

Context

EVerest libocpp Denial-of-Service Vulnerability via Oversized JSON Input

Vulnerability

A denial-of-service vulnerability has been identified in the OCPP implementation of libocpp, prior to version 0.26.2. This issue arises when JSON input exceeds 255 characters, leading to a crash in the EVerest application. The vulnerability is caused by the creation of a CiString<255> object, which triggers a runtime error when the input is too large.

Impact

Exploitation of this vulnerability causes a crash of the EVerest application, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending randomized JSON input larger than 255 characters to an OCPP 2.0.1 charge point implemented with an affected version of libocpp. This can be done using a fuzzing tool that targets the message receiver for the OCPP 2.0.1 module.

Remediation

Users can update to libocpp version 0.26.2 or later, where this vulnerability has been addressed.

Added: Sep 15, 2025, 10:49 PM

Updated: Sep 15, 2025, 10:49 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

EVerest libocpp Denial-of-Service Vulnerability via Oversized JSON Input

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating