1. EXECUTIVE SUMMARY
- CVSS v4 8.5
- ATTENTION: Low attack complexity
- Vendor: National Instruments
- Equipment: LabVIEW
- Vulnerabilities: Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following National Instruments products are affected:
- LabVIEW 2024: Versions Q3 (24.3f0) and prior
- LabVIEW 2023: All versions
- LabVIEW 2022: All versions
- LabVIEW 2021 (EOL) and below: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
An out-of-bounds read exists in the HeapObjMapImpl function, which may allow an attacker to disclose information or execute arbitrary code.
CVE-2024-10494 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-10494. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 OUT-OF-BOUNDS READ CWE-125
An out-of-bounds read exists when loading the font table, which may allow an attacker to disclose information or execute arbitrary code.
<
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: