CVE-2024-4081
Severity CVSS v4.0:
HIGH
Type:
CWE-787
Out-of-bounds Write
Publication date:
23/07/2024
Last modified:
29/09/2025
Description
A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions.
Impact
Base Score 4.0
8.40
Severity 4.0
HIGH
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:* | 2020 (including) | |
| cpe:2.3:a:ni:labview:2021:-:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2021:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html
- https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html