Skip to main content

Labview CVE-2024-4079

HIGH
Out-of-bounds Read (CWE-125)
2024-07-23 security@ni.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 23, 2024 - 14:15 nvd
HIGH 7.8

DescriptionNVD

An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

AnalysisAI

An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Affected products include: Ni Labview.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2017-2775 HIGH POC
7.5 Mar 31

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabV

CVE-2017-2779 HIGH POC
7.5 Sep 05

An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW

CVE-2013-5022 CRITICAL
10.0 Aug 06

Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows

CVE-2013-5021 CRITICAL
9.3 Aug 06

Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWi

CVE-2025-2632 HIGH
8.5 Apr 09

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may res

CVE-2025-2631 HIGH
8.5 Apr 09

Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result

CVE-2026-32864 HIGH
8.5 Apr 07

Memory corruption via out-of-bounds read in NI LabVIEW's mgcore_SH_25_3!aligned_free() function enables information disc

CVE-2026-32863 HIGH
8.5 Apr 07

Memory corruption in NI LabVIEW 26.1.0 and earlier allows local attackers to execute arbitrary code or disclose sensitiv

CVE-2026-32862 HIGH
8.5 Apr 07

Memory corruption in NI LabVIEW's ResFileFactory::InitResourceMgr() function allows arbitrary code execution or informat

CVE-2026-32861 HIGH
8.5 Apr 07

Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution and information disclosure when

CVE-2026-32860 HIGH
8.5 Apr 07

Memory corruption via out-of-bounds write in NI LabVIEW allows arbitrary code execution when processing malicious LVLIB

CVE-2024-10496 HIGH
8.4 Dec 10

An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose informa

Share

CVE-2024-4079 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy