CVE-2022-27242

CVE-2022-27242

Name

CVE-2022-27242

Description

A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
CONFIRM	https://cert-portal.siemens.com/productcert/pdf/ssa-736385.pdf

Type

URI

CONFIRM

https://cert-portal.siemens.com/productcert/pdf/ssa-736385.pdf

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:siemens:openv2g:0.9.4:::::::*`	openv2g	== None	== 0.9.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:siemens:openv2g:0.9.4:*:*:*:*:*:*:*

openv2g

== None

== 0.9.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
openv2g	3.16-community	0.9.4-r4	Olliver Schinagl <oliver@schinagl.nl>	possibly vulnerable
openv2g	edge-community	0.9.4-r5	Olliver Schinagl <oliver@schinagl.nl>	possibly vulnerable
openv2g	3.17-community	0.9.4-r5	Olliver Schinagl <oliver@schinagl.nl>	possibly vulnerable
openv2g	3.18-community	0.9.4-r5	Olliver Schinagl <oliver@schinagl.nl>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

openv2g

3.16-community

0.9.4-r4

Olliver Schinagl <oliver@schinagl.nl>

possibly vulnerable

openv2g

edge-community