CVE-2024-23611

Out of Bounds Write Due to Missing Bounds Check in LabVIEW

CVSS 7.8 HIGHEPSS 0.6%CWE-787

In short

LabVIEW has a flaw where it writes data outside allocated memory bounds, allowing an attacker to execute malicious code if you open a specially crafted file. This is dangerous because it gives attackers direct control over your computer.

Technical detail

An out-of-bounds write vulnerability exists due to missing bounds validation in LabVIEW's memory handling. The attack vector requires user interaction (opening a malicious VI file), but upon successful exploitation, arbitrary code execution is achieved with the privileges of the LabVIEW process. Affected versions include LabVIEW 2024 Q1 and earlier.

Summary generated and translated by AI from the official description.

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

NI · LabVIEW

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html