CVE-2017-2775

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution.
References
Link Resource
http://www.ni.com/product-documentation/53778/en/
http://www.securityfocus.com/bid/97020 Third Party Advisory VDB Entry
http://www.talosintelligence.com/reports/TALOS-2017-0269/ Exploit Technical Description Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:ni:labview:16.0.0.49152:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-03-31 18:59

Updated : 2023-12-10 12:01


NVD link : CVE-2017-2775

Mitre link : CVE-2017-2775

CVE.ORG link : CVE-2017-2775


JSON object : View

Products Affected

ni

  • labview
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer