Libocpp
CVE-2025-68138
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Lifecycle Timeline
2DescriptionGitHub Advisory
EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the strdup calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue.
AnalysisAI
Libocpp versions up to 0.30.1 is affected by allocation of resources without limits or throttling (CVSS 4.7).
Technical ContextAI
This vulnerability (CWE-770: Allocation of Resources Without Limits or Throttling) affects Libocpp. EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the strdup calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue.
RemediationAI
Monitor vendor advisories for a patch.
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today