EVerest libocpp Memory Leak Vulnerability Leading to Denial-of-Service

A memory leak vulnerability has been identified in EVerest libocpp, a C++ implementation of the Open Charge Point Protocol, prior to version 0.30.1. The issue arises because pointers returned by 'strdup' calls are not freed, leading to memory exhaustion. This memory leak can cause a denial-of-service condition, particularly during frequent reconnection attempts to the Central System Management Service (CSMS). The vulnerability was discovered during a security audit by Quarkslab.

Impact

Exploitation of this vulnerability can lead to memory exhaustion, causing a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by initiating a websocket connection using the 'WebsocketLibwebsockets::thread_websocket_client_loop' function. During each connection attempt, the 'strdup' method is used to allocate memory for the CSMS hostname and the charge point ID. However, this allocated memory is never freed. If the connection fails or needs to be reestablished frequently, the leaked memory can accumulate, potentially leading to exhaustion.

Remediation

Users can upgrade to libocpp version 0.30.1 or later, where this vulnerability has been fixed.