fkie_nvd - fkie_cve-2024-6638

fkie_cve-2024-6638

Vulnerability from fkie_nvd

Published

2024-07-22 20:15

Modified

2025-03-06 19:32

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

References

▶	URL	Tags
	security@ni.com	https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html	Vendor Advisory

Impacted products

Vendor	Product	Version
ni	labview	*
ni	labview	2022
ni	labview	2022
ni	labview	2022
ni	labview	2022
ni	labview	2023
ni	labview	2023
ni	labview	2023
ni	labview	2023
ni	labview	2023
ni	labview	2023
ni	labview	2024
ni	labview	2024

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "807AE6D5-8096-47A2-A47D-1A5EFC85652D",
              "versionEndIncluding": "2021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labview:2022:q1:*:*:*:*:*:*",
              "matchCriteriaId": "4D12D6CF-802F-47BA-ADF9-9E52C071BD7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labview:2022:q3:*:*:*:*:*:*",
              "matchCriteriaId": "340F61E5-D1ED-4C29-A894-8BC5C5B90ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labview:2022:q3_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "52CC3023-4913-40BA-B74C-786F32DC7551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labview:2022:q3_patch2:*:*:*:*:*:*",
              "matchCriteriaId": "FC150E98-5889-4A65-84B8-E4871091D104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labview:2023:q1:*:*:*:*:*:*",
              "matchCriteriaId": "D7DD2022-CFB7-4F38-B459-C1AFB55B5B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labview:2023:q3:*:*:*:*:*:*",
              "matchCriteriaId": "18AB0B07-72FE-4861-B69D-AD2E87C5382E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labview:2023:q3_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "91928C9C-F094-4EE4-9FBE-2B7956D68E6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labview:2023:q3_patch2:*:*:*:*:*:*",
              "matchCriteriaId": "044C4B51-C641-41F2-ACA0-834C99D63285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labview:2023:q3_patch3:*:*:*:*:*:*",
              "matchCriteriaId": "26EEE5E3-AD37-4832-A66C-5F8F7A478F30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labview:2023:q3_patch4:*:*:*:*:*:*",
              "matchCriteriaId": "5DC20B17-C582-42C4-9780-5DC61B4AED91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labview:2024:q1:*:*:*:*:*:*",
              "matchCriteriaId": "7753CCDF-BAF8-4F91-B85B-EBB2B88F6F30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ni:labview:2024:q1_patch1:*:*:*:*:*:*",
              "matchCriteriaId": "953E8FD0-4420-4592-B696-C377D4EE0CA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop.  Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file.  This vulnerability affects LabVIEW 2024 Q1 and prior versions."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de desbordamiento de enteros debido a una validaci\u00f3n de entrada incorrecta al leer archivos TDMS en LabVIEW puede resultar en un bucle infinito. La explotaci\u00f3n exitosa requiere que un atacante proporcione al usuario un archivo TDMS especialmente manipulado. Esta vulnerabilidad afecta a LabVIEW 2024 Q1 y versiones anteriores."
    }
  ],
  "id": "CVE-2024-6638",
  "lastModified": "2025-03-06T19:32:31.013",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "security@ni.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-22T20:15:04.723",
  "references": [
    {
      "source": "security@ni.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html"
    }
  ],
  "sourceIdentifier": "security@ni.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "security@ni.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-6638 (GCVE-0-2024-6638)

Vulnerability from cvelistv5

Published

2024-07-22 19:55

Modified

2024-08-01 21:41

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Summary

References

►

URL

Tags

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html