Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
2008-04-16T17:05:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 10.0 (HIGH)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | hp | openview_network_node_manager | ≤ 7.53 | Yes |
| Application | hp | openview_network_node_manager | 4.11 | Yes |
| Application | hp | openview_network_node_manager | 5.0.1 | Yes |
| Application | hp | openview_network_node_manager | 5.01 | Yes |
| Application | hp | openview_network_node_manager | 6.0.1 | Yes |
| Application | hp | openview_network_node_manager | 6.1 | Yes |
| Application | hp | openview_network_node_manager | 6.2 | Yes |
| Application | hp | openview_network_node_manager | 6.4 | Yes |
| Application | hp | openview_network_node_manager | 6.10 | Yes |
| Application | hp | openview_network_node_manager | 6.20 | Yes |
| Application | hp | openview_network_node_manager | 6.31 | Yes |
| Application | hp | openview_network_node_manager | 6.41 | Yes |
| Application | hp | openview_network_node_manager | 7.0.1 | Yes |
| Application | hp | openview_network_node_manager | 7.01 | Yes |
| Application | hp | openview_network_node_manager | 7.50 | Yes |
| Application | hp | openview_network_node_manager | 7.51 | Yes |
| Application | hp | openview_network_node_manager | 8.01 | Yes |