CVE-2025-68138

medium

Description

EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue.

References

https://github.com/EVerest/libocpp/blob/89c7b62ec899db637f43b54f19af2c4af30cfa66/lib/ocpp/common/websocket/websocket_libwebsockets.cpp

https://github.com/EVerest/everest-core/security/advisories/GHSA-f8c2-44c3-7v55

Details

Source: Mitre, NVD

Published: 2026-01-21

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 4.7

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Severity: Medium

Detections

Analytics