Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3849Improper Restriction of Operations within the Bounds of a Memory Buffer in HP Openview Network Node Manager

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
10.0CRITICALNVD
EPSS
83.4%
top 0.72%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Openview Network Node Manager
Timeline
PublishedDec 10
Latest updateMay 2

Description

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDhp/openview_network_node_manager7.0.1, 7.51, 7.53+2

Patches

Patch: h20000.www2.hp.comPatch: h20000.www2.hp.com

🔴Vulnerability Details

2
GHSA
GHSA-wvm2-f86x-hhgx: Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 72022-05-02
CVEList
CVE-2009-3849: Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 72009-12-10

💥Exploits & PoCs

1
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'Snmp.exe' CGI Buffer Overflow (Metasploit)2010-11-11

💬Community

1
Bugzilla
CVE-2009-3829 wireshark: unsigned integer wrap vulnerability in ERF reader (VU#676492)2009-11-02
CVE-2009-3849 — HP vulnerability | cvebase