EVerest Homeplug Message Stack Overflow Vulnerability Leading to Remote Code Execution
Vulnerability
A stack overflow vulnerability has been identified in EVerest, an EV charging software stack, prior to version 2026.02.0. The issue arises in the 'HomeplugMessage::setup_payload' function, where the payload length is validated only by an assertion. Because assertions are compiled out of release builds, that check is absent there, and oversized SLAC payloads are copied into a stack buffer of approximately 1497 bytes. The resulting overflow corrupts the stack and enables remote code execution via network-provided frames.
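The root cause described above is a bounds check that exists only as an `assert()`. The following C++ example is added here to illustrate that pattern next to a hardened form; it is not EVerest code, and every name in it (`SlacFrame`, `setup_payload_assert_only`, `setup_payload_checked`, `make_payload`) is assumed. The buffer size constant is modelled on the advisory's approximate figure of 1497 bytes.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Illustrative example only, not EVerest code. The buffer size is modelled on
// the advisory's "approximately 1497 bytes"; every other name here is assumed.
constexpr std::size_t kMaxPayload = 1497;

// True when assert() is active in this translation unit. Release builds
// typically define NDEBUG, which turns every assert() into a no-op.
#ifdef NDEBUG
constexpr bool kAssertsEnabled = false;
#else
constexpr bool kAssertsEnabled = true;
#endif

struct SlacFrame {
    std::uint8_t payload[kMaxPayload];  // fixed-size buffer; sits on the stack
                                        // when the frame is a local variable
    std::size_t len = 0;
};

// Pattern of the flaw: the only length check is an assert(). In a release
// build (NDEBUG defined) the check vanishes and memcpy() copies a
// network-supplied length into the fixed buffer, overrunning it whenever
// len > kMaxPayload.
void setup_payload_assert_only(SlacFrame& frame, const std::uint8_t* data, std::size_t len) {
    assert(len <= kMaxPayload);  // compiled out under NDEBUG
    std::memcpy(frame.payload, data, len);
    frame.len = len;
}

// Hardened form: validate the untrusted length with an ordinary runtime branch
// that survives every build configuration, and refuse the frame (copying
// nothing) when it is oversized or the data pointer is missing.
bool setup_payload_checked(SlacFrame& frame, const std::uint8_t* data, std::size_t len) {
    if (data == nullptr || len > kMaxPayload) {
        frame.len = 0;
        return false;  // caller drops the frame and records the rejection
    }
    std::memcpy(frame.payload, data, len);
    frame.len = len;
    return true;
}

// Constructed test payload of `n` filler bytes; not a real SLAC message.
std::vector<std::uint8_t> make_payload(std::size_t n) {
    return std::vector<std::uint8_t>(n, 0x41);
}

int main() {
    SlacFrame frame{};
    std::vector<std::uint8_t> ok = make_payload(64);
    std::vector<std::uint8_t> oversized = make_payload(kMaxPayload + 256);

    setup_payload_checked(frame, ok.data(), ok.size());  // accepted, len == 64
    bool accepted = setup_payload_checked(frame, oversized.data(), oversized.size());
    // The oversized frame is rejected regardless of whether asserts are enabled.
    return accepted ? 1 : 0;
}
```

The difference between the two functions is the whole fix: `assert()` documents a programmer expectation and disappears under `NDEBUG`, whereas the `if` in `setup_payload_checked` is the input validation a network-facing parser needs in every build. `kAssertsEnabled` makes the build dependence visible so a unit test can confirm which configuration it is running under.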
Impact
Exploitation of this vulnerability allows for stack corruption, leading to arbitrary code execution on the affected system.
Reproduction
The vulnerability can be reproduced against a build compiled with the 'NDEBUG' flag, which removes the assertion check, by sending a SLAC frame whose payload exceeds the maximum allowed length. This can be done using a tool that crafts and sends network packets, such as Scapy or a custom script, targeting the application while it is running.
Remediation
Users are advised to update to EVerest version 2026.02.0 or later, where this vulnerability has been patched.
