LabVIEWdll Memory Corruption Vulnerability May Lead to Information Disclosure or Code Execution
CVE-2024-4080

8.4HIGH

Key Information:

Vendor: Ni
Status: Labview
Vendor: CVE Published:; 23 July 2024

What is CVE-2024-4080?

The vulnerability identified in LabVIEW is a memory corruption issue stemming from an improper length check in the tdcore.dll component. This flaw can potentially lead to information disclosure or allow an attacker to execute arbitrary code on the affected system. Exploitation requires an attacker to deliver a specifically crafted virtual instrument (VI) to the user. This issue affects various versions of LabVIEW released up to and including LabVIEW 2024 Q1. It is crucial for users and administrators to apply necessary security updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

LabVIEW 0 <= 24.1

References

https://www.ni.com/en/support/security/available-critical...

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2024
Vulnerability Reserved
Apr 23, 2024

Credit

Michael Heinzl working with CISA

Ni

What is CVE-2024-4080?

Affected Version(s)

References

CVSS V4

Timeline

Credit