CVE-2024-4079

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-4079
An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-due-to-missing-bounds-check-in-labview.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:-:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:sp1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*
History

05 Sep 2024, 17:12

Type Values Removed Values Added
CPE cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:-:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*
cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:sp1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*
References () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-due-to-missing-bounds-check-in-labview.html - () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-due-to-missing-bounds-check-in-labview.html - Vendor Advisory
First Time Ni labview
Ni

24 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) Una lectura fuera de los límites debido a una verificación de límites faltantes en LabVIEW puede revelar información o resultar en la ejecución de código arbitrario. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. Esta vulnerabilidad afecta a LabVIEW 2024 Q1 y versiones anteriores.

23 Jul 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-23 14:15

Updated : 2024-09-05 17:12

NVD link : CVE-2024-4079

Mitre link : CVE-2024-4079

CVE.ORG link : CVE-2024-4079

JSON object : View

Products Affected

ni

  • labview
CWE
CWE-125

Out-of-bounds Read