CVE-2022-27242

Name: CVE-2022-27242
Description: A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.
NVD Severity: medium

References

Type | URI
CONFIRM | https://cert-portal.siemens.com/productcert/pdf/ssa-736385.pdf

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:siemens:openv2g:0.9.4:*:*:*:*:*:*:* | openv2g | == None | == 0.9.4

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
openv2g | 3.16-community | 0.9.4-r4 | Olliver Schinagl <oliver@schinagl.nl> | possibly vulnerable
openv2g | edge-community | 0.9.4-r5 | Olliver Schinagl <oliver@schinagl.nl> | possibly vulnerable
openv2g | 3.17-community | 0.9.4-r5 | Olliver Schinagl <oliver@schinagl.nl> | possibly vulnerable
openv2g | 3.18-community | 0.9.4-r5 | Olliver Schinagl <oliver@schinagl.nl> | possibly vulnerable