Improper Validation of Specified Index, Position, or Offset in Input

CVE-2024-10494

High

8.4/10

Summary

An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

References

Advisory Timeline

Published Dec 10, 2024

Improper Validation of Specified Index, Position, or Offset in Input

CVE-2024-10494

Summary

CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS