CVE-2024-23608

Out of Bounds Write Due to Missing Bounds Check in LabVIEW

CVSS 7.8 HIGHEPSS 0.6%CWE-787

In short

LabVIEW has a flaw that allows writing data outside memory boundaries when processing specially crafted files, which could let attackers run malicious code if a user opens a compromised VI file.

Technical detail

An out-of-bounds write vulnerability due to missing bounds validation in LabVIEW allows remote code execution. The attack vector requires social engineering to deliver a malicious VI file; upon user execution, memory corruption occurs enabling arbitrary code execution. Affected versions: LabVIEW 2024 Q1 and prior.

Summary generated and translated by AI from the official description.

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

NI · LabVIEW

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html