CVE-2024-4080

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-4080
A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:-:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:sp1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*
History

05 Sep 2024, 17:16

Type Values Removed Values Added
CPE cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:sp1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:-:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*
First Time Ni
Ni labview
References () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html - () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html - Vendor Advisory
CWE CWE-787
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8

23 Jul 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-23 14:15

Updated : 2024-09-05 17:16

NVD link : CVE-2024-4080

Mitre link : CVE-2024-4080

JSON object : View

Products Affected

ni

  • labview
CWE
CWE-787

Out-of-bounds Write