Improper Validation of Specified Index, Position, or Offset in Input

CVE-2024-23612

High

7.8/10

Summary

An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

References

Advisory Timeline

Published Mar 11, 2024

Improper Validation of Specified Index, Position, or Offset in Input

CVE-2024-23612

Summary

CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS