CVE-2024-6638
Severity CVSS v4.0:
Pending analysis
Type:
CWE-190
Integer Overflow or Wraparound
Publication date:
22/07/2024
Last modified:
06/03/2025
Description
An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:* | 2021 (including) | |
| cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:* | ||
| cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html
- https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html