CVE-2017-2775

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 31-03-2017 08:59

Last modified: - 19-04-2022 09:15

Total changes: - 2

Description

An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

Required

User interaction

7.8

Base score

1.8

5.9

Exploitability score

Impact score

Verification logic

vendor=ni AND product=labview AND version=16.0.0.49152

Reference

http://www.talosintelligence.com/reports/TALOS-2017-0269/
97020-Third Party Advisory, VDB Entry
http://www.ni.com/product-documentation/53778/en/

Keywords

CVE-2017-2775

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2017-2775

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures