Labview
CVE-2024-4079
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.
AnalysisAI
An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Affected products include: Ni Labview.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabV
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWi
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may res
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result
Memory corruption via out-of-bounds read in NI LabVIEW's mgcore_SH_25_3!aligned_free() function enables information disc
Memory corruption in NI LabVIEW 26.1.0 and earlier allows local attackers to execute arbitrary code or disclose sensitiv
Memory corruption in NI LabVIEW's ResFileFactory::InitResourceMgr() function allows arbitrary code execution or informat
Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution and information disclosure when
Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution when processing malicious LVLIB
An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose informa
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today