PT-2017-15530 · National Instruments · Labview

Published

2017-03-31

Updated

2022-04-19

CVE-2017-2775

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LabVIEW versions prior to 2015 SP1 f7 Patch LabVIEW versions prior to 2016 f2 Patch

Description A memory corruption issue exists in the LvVariantUnflatten functionality. It can be triggered by a specially crafted VI file, causing a user-controlled value to be used as a loop terminator, which results in internal heap corruption. This could potentially lead to remote code execution if an attacker-controlled VI file is used to exploit the issue.

Recommendations For LabVIEW versions prior to 2015 SP1 f7 Patch, update to 2015 SP1 f7 Patch or later to resolve the issue. For LabVIEW versions prior to 2016 f2 Patch, update to 2016 f2 Patch or later to resolve the issue.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2017-2775

Affected Products

Labview

PT-2017-15530 · National Instruments · Labview

CVE-2017-2775

Weakness Enumeration

Related Identifiers

Affected Products

References · 5