CVE-2024-4080: 
LabVIEW vulnerability analysis and mitigation

CVE-2024-4080 is a memory corruption vulnerability discovered in National Instruments LabVIEW's tdcore.dll component. The vulnerability was disclosed on July 23, 2024, affecting LabVIEW 2024 Q1 and prior versions. The issue stems from an improper length check which could lead to information disclosure or arbitrary code execution (NVD, CISA).

The vulnerability is classified as an improper restriction of operations within the bounds of a memory buffer (CWE-119) and an out-of-bounds write (CWE-787). It has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v4.0 score of 8.4 (HIGH) with the vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N (NVD).

The vulnerability can lead to information disclosure or arbitrary code execution on affected systems. The high CVSS scores indicate severe potential impacts on system confidentiality, integrity, and availability when successfully exploited (NI Advisory).

National Instruments strongly recommends updating to patched versions: LabVIEW 2024 Q3 or later for 2024 Q1 users, LabVIEW 2023 Q3 Patch 3 or later for 2023 users, LabVIEW 2022 Q3 Patch 1 or later for 2022 users, and LabVIEW 2021 SP1 f2 or later for 2021 users. Systems running LabVIEW 2020 and prior versions are no longer in Mainstream Support (NI Advisory).