Description

EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue.

INFO

Published Date :

2026-01-21T19:30:49.196Z

Last Modified :

2026-01-22T21:56:29.394Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68138 vulnerability.

Vendors Products
Everest
  • Everest-core
Linuxfoundation
  • Libocpp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68138.

URL Resource
https://github.com/EVerest/everest-core/security/advisories/GHSA-f8c2-44c3-7v55 cve-icon cve-icon
https://github.com/EVerest/libocpp/blob/89c7b62ec899db637f43b54f19af2c4af30cfa66/lib/ocpp/common/websocket/websocket_libwebsockets.cpp cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact