CVE-2024-23608

Published: Mar 11, 2024Modified: Feb 27, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

Affected (10)

Products: Ni: Labview

1 product

Labview

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Ni Labview	Up to 2020
Ni Labview	Version 2021
Ni Labview	Version 2021 sp1
Ni Labview	Version 2022 q1
Ni Labview	Version 2022 q3
Ni Labview	Version 2023 q1
Ni Labview	Version 2023 q3
Ni Labview	Version 2023 q3_patch1
Ni Labview	Version 2023 q3_patch2
Ni Labview	Version 2024 q1

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html

Source: security@ni.com

PatchVendor Advisory

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.