EVerest Off-by-One Stack Buffer Overflow Vulnerability in IsoMux Certificate Filename Handling
Vulnerability
A stack-based buffer overflow has been identified in EVerest versions prior to 2026.02.0. It is caused by an off-by-one error in the IsoMux module's certificate filename handling: a filename whose length is exactly the maximum allowed (100 bytes) overflows a fixed-size buffer, corrupting the stack and potentially leading to code execution. The vulnerability can be triggered by placing a crafted filename in the certificate directory, which the module processes during directory scanning.
Impact
Exploitation of this vulnerability causes a stack-based buffer overflow, which can corrupt the stack state and enable arbitrary code execution.
Reproduction
The vulnerability can be reproduced by creating a file in the certificate directory whose name is exactly 100 bytes long. During directory scanning this filename is handled by the IsoMux module, where the off-by-one error causes its length to be mismanaged. In a build instrumented with AddressSanitizer, the tool reports a stack-buffer-overflow error, confirming that the overflow occurred.
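The following constructed C example illustrates the off-by-one shape described above beside a hardened copy routine; it is an added illustration, not EVerest's own code, and the identifiers CERT_NAME_MAX, vulnerable_bytes_written, vulnerable_overflows and copy_cert_filename are assumptions. The vulnerable shape is modelled arithmetically (it computes how many bytes a strcpy-style copy would write without performing it), so the program is safe to run.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the off-by-one pattern in the advisory.
 * Names, buffer size and checks are assumptions, not EVerest code. */
#define CERT_NAME_MAX 100          /* "maximum allowed" filename length */

/* Vulnerable shape: the check rejects only names longer than the buffer,
 * so a name of exactly CERT_NAME_MAX bytes passes and a strcpy-style copy
 * writes CERT_NAME_MAX + 1 bytes (the NUL terminator is the extra byte).
 * Returns the bytes the copy would write, 0 if rejected; no copy is made. */
static size_t vulnerable_bytes_written(const char *name)
{
    size_t len = strlen(name);
    if (len > CERT_NAME_MAX)       /* off by one: should be '>=' */
        return 0;
    return len + 1;                /* terminator included */
}

/* True when the vulnerable shape overflows a CERT_NAME_MAX-byte buffer. */
static bool vulnerable_overflows(const char *name)
{
    return vulnerable_bytes_written(name) > CERT_NAME_MAX;
}

/* Hardened copy: the check is tied to the real destination size and
 * reserves room for the terminator. Returns false and leaves dst untouched
 * when the name does not fit, rather than truncating silently. */
static bool copy_cert_filename(char *dst, size_t dst_size, const char *name)
{
    size_t len = strlen(name);
    if (dst_size == 0 || len >= dst_size)
        return false;
    memcpy(dst, name, len + 1);    /* len + 1 <= dst_size, always fits */
    return true;
}

int main(void)
{
    char name[CERT_NAME_MAX + 1];  /* constructed 100-byte boundary case */
    char buf[CERT_NAME_MAX];
    memset(name, 'a', CERT_NAME_MAX);
    name[CERT_NAME_MAX] = '\0';
    printf("vulnerable shape overflows: %s\n",
           vulnerable_overflows(name) ? "yes" : "no");
    printf("hardened copy accepted: %s\n",
           copy_cert_filename(buf, sizeof buf, name) ? "yes" : "no");
    return 0;
}
```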
Remediation
Users can upgrade to EVerest version 2026.02.0 or later, where this vulnerability has been patched.
