Skip to main content

Labview CVE-2024-23608

HIGH
Out-of-bounds Write (CWE-787)
2024-03-11 security@ni.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 11, 2024 - 16:15 nvd
HIGH 7.8

DescriptionNVD

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

AnalysisAI

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Affected products include: Ni Labview.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2017-2775 HIGH POC
7.5 Mar 31

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabV

CVE-2017-2779 HIGH POC
7.5 Sep 05

An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW

CVE-2013-5022 CRITICAL
10.0 Aug 06

Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows

CVE-2013-5021 CRITICAL
9.3 Aug 06

Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWi

CVE-2025-2632 HIGH
8.5 Apr 09

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may res

CVE-2025-2631 HIGH
8.5 Apr 09

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result

CVE-2026-32864 HIGH
8.5 Apr 07

Memory corruption via out-of-bounds read in NI LabVIEW's mgcore_SH_25_3!aligned_free() function enables information disc

CVE-2026-32863 HIGH
8.5 Apr 07

Memory corruption in NI LabVIEW 26.1.0 and earlier allows local attackers to execute arbitrary code or disclose sensitiv

CVE-2026-32862 HIGH
8.5 Apr 07

Memory corruption in NI LabVIEW's ResFileFactory::InitResourceMgr() function allows arbitrary code execution or informat

CVE-2026-32861 HIGH
8.5 Apr 07

Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution and information disclosure when

CVE-2026-32860 HIGH
8.5 Apr 07

Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution when processing malicious LVLIB

CVE-2024-10496 HIGH
8.4 Dec 10

An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose informa

Share

CVE-2024-23608 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy