Lucene search

NIVULNRICHMENT:CVE-2024-4079

HistoryJul 23, 2024 - 1:19 p.m.

CVE-2024-4079 Out of Bounds Read Due to Missing Bounds Check in LabVIEW

2024-07-2313:19:35

CWE-125

github.com

cve-2024-4079

out of bounds read

labview

information disclosure

arbitrary code execution

vulnerability

specially crafted vi

bounds check

security issue

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.3%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*"
    ],
    "vendor": "ni",
    "product": "labview",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "24.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-due-to-missing-bounds-check-in-labview.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.3%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-4079