{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6638", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "state": "PUBLISHED", "assignerShortName": "NI", "dateReserved": "2024-07-09T23:58:45.236Z", "datePublished": "2024-07-22T19:55:23.548Z", "dateUpdated": "2024-08-01T21:41:04.317Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LabVIEW", "vendor": "NI", "versions": [{"lessThanOrEqual": "24.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "James McNally of Wiresmith Technology"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions.</span><br>"}], "value": "An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions."}], "impacts": [{"capecId": "CAPEC-92", "descriptions": [{"lang": "en", "value": "CAPEC-92 Forced Integer Overflow"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2024-07-22T19:55:23.548Z"}, "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Integer Overflow Vulnerability Reading TDMS Files in LabVIEW", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "ni", "product": "labview", "cpes": ["cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "24.1", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-23T14:13:58.614582Z", "id": "CVE-2024-6638", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T14:18:20.704Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:04.317Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:04.317Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6638", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-23T14:13:58.614582Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ni:labview:*:*:*:*:*:*:*:*"], "vendor": "ni", "product": "labview", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "24.1"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T14:16:27.754Z"}}], "cna": {"title": "Integer Overflow Vulnerability Reading TDMS Files in LabVIEW", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "James McNally of Wiresmith Technology"}], "impacts": [{"capecId": "CAPEC-92", "descriptions": [{"lang": "en", "value": "CAPEC-92 Forced Integer Overflow"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NI", "product": "LabVIEW", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "24.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "shortName": "NI", "dateUpdated": "2024-07-22T19:55:23.548Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6638", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:41:04.317Z", "dateReserved": "2024-07-09T23:58:45.236Z", "assignerOrgId": "bca5b2e8-03a4-4781-b4ca-c6a078c0bfd4", "datePublished": "2024-07-22T19:55:23.548Z", "assignerShortName": "NI"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerability affects LabVIEW 2024 Q1 and prior versions."}, {"lang": "es", "value": "Una vulnerabilidad de desbordamiento de enteros debido a una validaci\u00f3n de entrada incorrecta al leer archivos TDMS en LabVIEW puede resultar en un bucle infinito. La explotaci\u00f3n exitosa requiere que un atacante proporcione al usuario un archivo TDMS especialmente manipulado. Esta vulnerabilidad afecta a LabVIEW 2024 Q1 y versiones anteriores."}], "id": "CVE-2024-6638", "lastModified": "2024-11-21T09:50:03.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@ni.com", "type": "Secondary"}]}, "published": "2024-07-22T20:15:04.723", "references": [{"source": "security@ni.com", "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/integer-overflow-vulnerability-reading-tdms-files-in-labview.html"}], "sourceIdentifier": "security@ni.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "security@ni.com", "type": "Secondary"}]}

{}