CVE-2025-59399
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-09-16

Assigner: MITRE

Description
libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.
Meta Information
Published: 2025-09-15
Last Modified: 2025-09-16
Generated: 2026-06-16
AI Q&A: 2025-09-15
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: everest
Product: libocpp
Version / Range: *
CWE
CWE-460: The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.
Executive Summary

This vulnerability in libocpp before version 0.28.0 causes a denial of service (EVerest crash) due to a secondary exception being thrown during error message generation when handling malformed or invalid JSON messages. Specifically, when a JSON parsing error occurs, the system attempts to generate an error message, but if this error message generation itself throws another JSON exception, it leads to a crash. The fix involves catching these secondary exceptions and sending a properly formatted error message instead, preventing the crash and improving robustness. [1, 2]

Impact Analysis

This vulnerability can cause a denial of service by crashing the EVerest system when it receives malformed or invalid JSON messages. This crash disrupts normal operation, potentially causing downtime or loss of service availability. It affects the stability and reliability of systems using libocpp versions before 0.28.0 when processing erroneous input. [1, 2]

Detection Guidance

This vulnerability manifests as a denial of service (EVerest crash) triggered by malformed or invalid JSON messages causing secondary exceptions during error message generation in libocpp. Detection can involve monitoring logs for repeated JSON parsing errors or crashes related to message handling in the libocpp ChargePoint component. Since the issue occurs during JSON parsing and error message generation, you can look for error messages or logs indicating JSON exceptions or CallError responses with error codes like "RpcFrameworkError" or "GenericError" and MessageId "-1". Specific commands depend on your logging and monitoring setup, but generally, you can use commands to search logs for these error patterns, for example:

1. Using grep on log files:
   grep -iE 'json exception|callerror|rpcframeworkerror|genericerror' /path/to/libocpp/logs.log
2. Using journalctl if libocpp logs to systemd journal:
   journalctl -u libocpp.service | grep -iE 'json exception|callerror|rpcframeworkerror|genericerror'
3. Monitoring for process crashes or restarts of the EVerest/libocpp service using systemctl or ps commands.

These approaches help detect if malformed messages are causing the vulnerability to trigger. [1]

Mitigation Strategies

The immediate mitigation step is to update libocpp to version 0.28.0 or later, where the vulnerability is fixed by improved JSON exception handling that prevents secondary exceptions and crashes. The patch wraps error message generation in try-catch blocks to handle JSON exceptions gracefully and sends properly formatted error messages instead of truncated or malformed ones. If updating immediately is not possible, consider implementing input validation or filtering to block malformed JSON messages before they reach libocpp, and monitor for error logs indicating JSON parsing issues to respond quickly to attacks. Additionally, ensure your system's logging and monitoring are configured to detect symptoms of this vulnerability. [1, 2]
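
The failure mode and the fix described above, as an added C++ example that is not libocpp's code and not taken from the patch. ParseError, message_id, parse_payload, call_error and both handlers are hypothetical stand-ins for a JSON library and a message handler, and the pairing of each error code with each path is an assumption.

```cpp
#include <stdexcept>
#include <string>

// Hypothetical stand-in for a JSON library's exception type.
struct ParseError : std::runtime_error { using std::runtime_error::runtime_error; };

// Toy extractor (assumption): reads the MessageId from a frame shaped like
// [<type>,"<id>",...] and throws ParseError when the frame is malformed.
std::string message_id(const std::string& frame) {
    auto open = frame.find('"');
    auto close = open == std::string::npos ? open : frame.find('"', open + 1);
    if (frame.empty() || frame.front() != '[' || close == std::string::npos)
        throw ParseError("no MessageId in frame");
    return frame.substr(open + 1, close - open - 1);
}

// Toy payload check (assumption): a complete frame ends with ']'.
void parse_payload(const std::string& frame) {
    if (frame.empty() || frame.back() != ']') throw ParseError("truncated frame");
}

// Builds a CallError-style reply: [4, MessageId, errorCode, description, details].
std::string call_error(const std::string& id, const std::string& code) {
    return "[4,\"" + id + "\",\"" + code + "\",\"\",{}]";
}

// Unsafe pattern: the catch block re-reads the bad input to build the reply,
// so a second ParseError escapes the handler. If nothing further up the
// stack catches it, std::terminate ends the process.
std::string handle_unsafe(const std::string& frame) {
    try { parse_payload(frame); return "ok"; }
    catch (const ParseError&) { return call_error(message_id(frame), "RpcFrameworkError"); }
}

// Hardened pattern: error generation is itself guarded and falls back to a
// fixed, well-formed reply with MessageId "-1".
std::string handle_hardened(const std::string& frame) {
    try { parse_payload(frame); return "ok"; }
    catch (const ParseError&) {
        try { return call_error(message_id(frame), "RpcFrameworkError"); }
        catch (const ParseError&) { return call_error("-1", "GenericError"); }
    }
}
```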
