Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-6638

An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

Published

2024-07-22T20:15:04.723

Last Modified

2025-03-06T19:32:31.013

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-190
Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ni	labview	≤ 2021	Yes
Application	ni	labview	2022	Yes
Application	ni	labview	2022	Yes
Application	ni	labview	2022	Yes
Application	ni	labview	2022	Yes
Application	ni	labview	2023	Yes
Application	ni	labview	2023	Yes
Application	ni	labview	2023	Yes
Application	ni	labview	2023	Yes
Application	ni	labview	2023	Yes
Application	ni	labview	2023	Yes
Application	ni	labview	2024	Yes
Application	ni	labview	2024	Yes

References

https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html Vendor Advisory ([email protected])
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)