


Perceptive Security
SOC/SIEM Consultancy

EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name lon…
Published:
25 March 2026 at 23:00:00
Alert date:
26 March 2026 at 16:11:29
Source:
nvd.nist.gov
Mobile & IoT, Critical Infrastructure
EVerest, an electric vehicle charging software stack, contains a critical stack-based buffer overflow vulnerability in its CAN interface initialization code. The vulnerability occurs when an interface name longer than IFNAMSIZ (16 characters) is passed to CAN open routines, causing an overflow of the ifreq.ifr_name buffer. This corruption of adjacent stack data can potentially enable code execution. The vulnerability can be triggered by a malicious or misconfigured interface name before any privilege checks are performed. All versions prior to 2026.02.0 are affected, and a patch is available in version 2026.02.0.
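The bounds check this class of bug calls for, as an added example (not EVerest's code or its actual patch): the name is validated against IFNAMSIZ before it is copied into `ifr_name` and before any kernel call. The helper names `set_ifname_checked` and `ifindex_checked` are hypothetical, and the caller is assumed to have already opened the CAN socket. Because `ifr_name` must also hold the terminating NUL, the helper accepts at most IFNAMSIZ - 1 name characters.

```c
#define _DEFAULT_SOURCE   /* exposes struct ifreq, IFNAMSIZ, strnlen under strict -std modes */
#include <errno.h>
#include <net/if.h>
#include <string.h>
#include <sys/ioctl.h>

/*
 * Hypothetical helper: copy an interface name into ifr->ifr_name only if
 * it fits, terminator included. The unsafe pattern it replaces is an
 * unchecked strcpy(ifr->ifr_name, name).
 * Returns 0 on success, -1 with errno set on rejection.
 */
int set_ifname_checked(struct ifreq *ifr, const char *name)
{
    if (ifr == NULL || name == NULL || name[0] == '\0') {
        errno = EINVAL;
        return -1;
    }
    /* strnlen reads at most IFNAMSIZ bytes, however long the input is. */
    size_t len = strnlen(name, IFNAMSIZ);
    if (len >= IFNAMSIZ) {            /* no room left for the NUL */
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(ifr, 0, sizeof(*ifr));     /* zero-fill guarantees termination */
    memcpy(ifr->ifr_name, name, len);
    return 0;
}

/*
 * Resolve the interface index on an already-open socket fd.
 * The name is validated before the ioctl, so an oversized or empty
 * name from configuration is rejected without touching the stack
 * beyond the ifreq structure.
 * Returns the index, or -1 with errno set.
 */
int ifindex_checked(int fd, const char *name)
{
    struct ifreq ifr;

    if (set_ifname_checked(&ifr, name) != 0)
        return -1;
    if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0)
        return -1;
    return ifr.ifr_ifindex;
}
```

Logging the ENAMETOOLONG rejection at configuration load time also surfaces a misconfigured interface name before the charger attempts to bring the bus up.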
Technical details
Affected products:
EVerest
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-23995
https://github.com/EVerest/EVerest/security/advisories/GHSA-p47c-2jpr-mpwx
This article was created with the assistance of AI technology by Perceptive.
