CVE-2007-5242
CVE-2007-5242 is a medium-severity vulnerability in Hp Openvms with a CVSS 2.0 base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.3)
- EPSS exploit prediction: 2% (79th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Hp Openvms
- Published:
- Last modified:
Description
Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment."
Frequently asked questions
- What is CVE-2007-5242?
- Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) SYS$EI1000_MON.EXE in HP OpenVMS 8.3 and earlier allows remote attackers to cause a denial of service (machine crash) via an "oversize" packet, which is not properly discarded if "the device has no remaining buffers after receipt of the first buffer segment."
- How severe is CVE-2007-5242?
- CVE-2007-5242 has a CVSS 2.0 base score of 4.3, rated medium severity.
- Is CVE-2007-5242 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (79th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2007-5242?
- CVE-2007-5242 primarily affects Hp Openvms. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2007-5242?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2007-5242 published?
- CVE-2007-5242 was published on 2007-10-06 and last updated on 2026-06-16.
References
- http://mail.openvms.org:8100/Lists/alerts/Message/582.html
- http://mail.openvms.org:8100/Lists/alerts/Message/583.html
- http://osvdb.org/37812
- http://osvdb.org/37813
- http://secunia.com/advisories/27084
- http://www.securityfocus.com/bid/25939
- http://www.vupen.com/english/advisories/2007/3382
Affected products (2)
- cpe:2.3:o:hp:openvms:*:*:alpha:*:*:*:*:*
- cpe:2.3:o:hp:openvms:*:*:integrity:*:*:*:*:*
More vulnerabilities in Hp Openvms
- CVE-2008-5120 — Critical (CVSS 10.0): Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows…
- CVE-2017-17482 — High (CVSS 7.8): An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A…
- CVE-2007-0139 — High (CVSS 7.5): Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus…
- CVE-2008-4052 — High (CVSS 7.2): Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA…
- CVE-2008-3947 — High (CVSS 7.2): DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line.
- CVE-2012-2010 — Medium (CVSS 6.9): The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium…