Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1842 — Numeric Range Comparison Without Minimum Check in HP Openview Network Node Manager

CWE-1895 documents5 sources
Severity
10.0CRITICALNVD
EPSS
30.4%
top 3.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Openview Network Node Manager
Timeline
PublishedApr 16
Latest updateMay 1

Description

Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-jvf2-9v86-52wv: Integer signedness error in ovspmd↗2022-05-01
â–¶
CVEList
CVE-2008-1842: Integer signedness error in ovspmd↗2008-04-16
â–¶

💥Exploits & PoCs

1
Exploit-DB
HP OpenView Network Node Manager 7.x - 'ovspmd' Buffer Overflow↗2008-04-08
â–¶

💬Community

1
Bugzilla
CVE-2007-4766: pcre < 7.3 integer overflows↗2007-11-20
â–¶
CVE-2008-1842 — HP vulnerability | cvebase