CVE-2024-4080Out-of-bounds Write in Labview

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-476NULL Pointer Dereference4 documents4 sources
Severity
8.4HIGHNVD
EPSS
0.1%
top 67.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
NI Labview
Timeline
PublishedJul 23
Latest updateDec 27

Description

A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

NVDni/labview2020+4

🔴Vulnerability Details

1
GHSA
GHSA-m6fq-wgpr-hqx9: A memory corruption issue due to an improper length check in LabVIEW tdcore2024-07-23

📋Vendor Advisories

2
Red Hat
kernel: udmabuf: change folios array from kmalloc to kvmalloc2024-12-27
CISA ICS
National Instruments LabVIEW2024-07-23
CVE-2024-4080 — Out-of-bounds Write in NI Labview | cvebase