CVE-2024-4081

A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:-:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:sp1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*

History

12 Sep 2024, 16:43

Type Values Removed Values Added
CWE CWE-787
First Time Ni labview
Ni
CPE cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:-:*:*:*:*:*:*
cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2021:sp1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*
cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*
References () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html - () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html - Vendor Advisory

24 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) Un problema de corrupción de memoria debido a una verificación de longitud inadecuada en NI LabVIEW puede revelar información o resultar en la ejecución de código arbitrario. La explotación exitosa requiere que un atacante proporcione al usuario un VI especialmente manipulado. Esta vulnerabilidad afecta a NI LabVIEW 2024 Q1 y versiones anteriores.

23 Jul 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-23 14:15

Updated : 2024-09-12 16:43


NVD link : CVE-2024-4081

Mitre link : CVE-2024-4081

CVE.ORG link : CVE-2024-4081


JSON object : View

Products Affected

ni

  • labview
CWE
CWE-787

Out-of-bounds Write

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer