NI LabVIEW Memory Corruption Vulnerability
CVE-2024-4081

8.4HIGH

Key Information:

Vendor: Ni
Status: Labview
Vendor: CVE Published:; 23 July 2024

What is CVE-2024-4081?

A memory corruption vulnerability exists in the NI LabVIEW software due to improper length checks, which could lead to unintended behavior. When successfully exploited, this flaw may allow attackers to execute arbitrary code, or disclose sensitive information by enticing users to open a specially crafted virtual instrument (VI). This vulnerability impacts all versions up to and including NI LabVIEW 2024 Q1. Users of this software should prioritize reviewing their environments and applying necessary security updates as outlined by the vendor to mitigate potential threats.

Affected Version(s)

LabVIEW 0 <= 24.1

References

https://www.ni.com/en/support/security/available-critical...

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2024
Vulnerability Reserved
Apr 23, 2024

Credit

Michael Heinzl working with CISA

Ni

What is CVE-2024-4081?

Affected Version(s)

References

CVSS V4

Timeline

Credit