CVE-2024-4081Out-of-bounds Write in Labview

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
8.4HIGHNVD
EPSS
0.1%
top 67.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
NI Labview
Timeline
PublishedJul 23

Description

A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

NVDni/labview2020+4

🔴Vulnerability Details

1
GHSA
GHSA-3phj-hmw4-hjjw: A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution2024-07-23

📋Vendor Advisories

1
CISA ICS
National Instruments LabVIEW2024-07-23
CVE-2024-4081 — Out-of-bounds Write in NI Labview | cvebase