An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions.
This vulnerability is identified as CVE-2024-6638.
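The advisory does not publish the affected code, so the following is an added illustration of the bug class only, not NI code and not the TDMS format. It walks a hypothetical length-prefixed record layout twice: once with a 32-bit cursor that wraps on an unvalidated length and never reaches the end of the input, and once validating the length against the bytes remaining. The record layout, function names and sample bytes are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout (assumption, not TDMS):
 * [u32 little-endian payload length][payload] repeated to end of buffer. */
#define HDR 4u

static uint32_t rd_u32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unvalidated length: pos + HDR + len is 32-bit arithmetic, so a large len
 * wraps the cursor back into the buffer. max_steps exists only so the demo
 * terminates; -1 means the walk was still running when it was cut off. */
int walk_unchecked(const uint8_t *buf, uint32_t size, int max_steps) {
    uint32_t pos = 0;
    int n = 0;
    while (pos < size) {
        if (size - pos < HDR) return -2;      /* truncated header */
        if (n == max_steps) return -1;        /* would loop forever */
        pos += HDR + rd_u32(buf + pos);       /* wraps modulo 2^32 */
        n++;
    }
    return n;
}

/* Validated length: compare len with the bytes left instead of adding first.
 * After the check, pos strictly increases and never exceeds size. */
int walk_checked(const uint8_t *buf, uint32_t size) {
    uint32_t pos = 0;
    int n = 0;
    while (pos < size) {
        uint32_t left = size - pos;           /* no underflow: pos < size */
        if (left < HDR) return -2;            /* truncated header */
        uint32_t len = rd_u32(buf + pos);
        if (len > left - HDR) return -2;      /* record exceeds the input */
        pos += HDR + len;
        n++;
    }
    return n;
}

/* Constructed sample inputs: two well-formed records, and one wrapping length. */
static const uint8_t GOOD[] = {2, 0, 0, 0, 0xAA, 0xBB, 0, 0, 0, 0};
static const uint8_t WRAP[] = {0xFC, 0xFF, 0xFF, 0xFF};

int main(void) {
    printf("unchecked: good=%d wrap=%d\n", walk_unchecked(GOOD, sizeof GOOD, 1000),
           walk_unchecked(WRAP, sizeof WRAP, 1000));
    printf("checked:   good=%d wrap=%d\n", walk_checked(GOOD, sizeof GOOD),
           walk_checked(WRAP, sizeof WRAP));
    return 0;
}
```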
NI recommends upgrading the affected software to mitigate this vulnerability. Refer to the Affected Products section to download the upgrade.
Product Version | Mitigation |
---|---|
LabVIEW 2024 Q1 | Upgrade to LabVIEW 2024 Q3 or later from NI Package Manager or Software Downloads |
LabVIEW 2023 | Upgrade to LabVIEW 2023 Q3 Patch 5 or later from NI Package Manager or Software Downloads |
LabVIEW 2022 | Upgrade to LabVIEW 2022 Q3 Patch 4 or later from NI Package Manager or Software Downloads |
LabVIEW 2021 and prior | Not in Mainstream Support |
TDM C DLL | Not Supported |
CVE-2024-6638 – 5.5 – CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
At NI, we view the security of our products as an important part of our commitment to our customers. Go to ni.com/security to stay informed and act upon security alerts and issues.
NI would like to thank James McNally of Wiresmith Technology for reporting this issue and working with us on coordinated disclosure.