CVE-2008-1842

Published: Apr 16, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.

Affected (17)

Products: Hp: Openview Network Node Manager

1 product

Openview Network Node Manager

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Hp Openview Network Node Manager	Up to 7.53
Hp Openview Network Node Manager	Version 4.11
Hp Openview Network Node Manager	Version 5.0.1
Hp Openview Network Node Manager	Version 5.01
Hp Openview Network Node Manager	Version 6.0.1
Hp Openview Network Node Manager	Version 6.10
Hp Openview Network Node Manager	Version 6.1
Hp Openview Network Node Manager	Version 6.20
Hp Openview Network Node Manager	Version 6.2
Hp Openview Network Node Manager	Version 6.31
Hp Openview Network Node Manager	Version 6.41
Hp Openview Network Node Manager	Version 6.4
Hp Openview Network Node Manager	Version 7.0.1
Hp Openview Network Node Manager	Version 7.01
Hp Openview Network Node Manager	Version 7.50
Hp Openview Network Node Manager	Version 7.51
Hp Openview Network Node Manager	Version 8.01