ID

VAR-201709-1022


CVE

CVE-2017-2779


TITLE

LabVIEW vulnerable to out-of-bounds write

Trust: 0.8

sources: JVNDB: JVNDB-2017-007773

DESCRIPTION

An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker-controlled looping condition resulting in an arbitrary null write. An attacker-controlled VI file can be used to trigger this vulnerability and can potentially result in code execution. LabVIEW contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). National Instruments LabVIEW is prone to a memory-corruption vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Note that this issue could be exploited to execute arbitrary code; however, this has not been confirmed. National Instruments LabVIEW 2016 version 16.0 is vulnerable; other versions may also be affected.

Trust: 1.89

sources: NVD: CVE-2017-2779 // JVNDB: JVNDB-2017-007773 // BID: 100519

AFFECTED PRODUCTS

vendor: ni, model: labview, scope: eq, version: 2016

Trust: 1.6

vendor: ni, model: labview, scope: eq, version: 2017

Trust: 1.6

vendor: ni, model: labview, scope: eq, version: 2014

Trust: 1.6

vendor: ni, model: labview, scope: eq, version: 2015

Trust: 1.6

vendor: national instruments, model: labview, scope: eq, version: 2014

Trust: 0.8

vendor: national instruments, model: labview, scope: eq, version: 2015

Trust: 0.8

vendor: national instruments, model: labview, scope: eq, version: 2016

Trust: 0.8

vendor: national instruments, model: labview, scope: eq, version: 2017

Trust: 0.8

vendor: national, model: instruments labview, scope: eq, version: 201616.0

Trust: 0.3

sources: BID: 100519 // JVNDB: JVNDB-2017-007773 // CNNVD: CNNVD-201709-089 // NVD: CVE-2017-2779

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-2779
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2779
value: HIGH

Trust: 1.0

NVD: CVE-2017-2779
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201709-089
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2017-2779
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2017-2779
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

talos-cna@cisco.com: CVE-2017-2779
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: JVNDB: JVNDB-2017-007773 // CNNVD: CNNVD-201709-089 // NVD: CVE-2017-2779 // NVD: CVE-2017-2779

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2017-007773 // NVD: CVE-2017-2779

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201709-089

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201709-089

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007773

PATCH

title: Incomplete RSRC Validation in LabVIEW, url: http://www.ni.com/product-documentation/54099/en/

Trust: 0.8

title: National Instruments Compactrio Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190035

Trust: 0.6

sources: JVNDB: JVNDB-2017-007773 // CNNVD: CNNVD-201709-089

EXTERNAL IDS

db: NVD, id: CVE-2017-2779

Trust: 2.7

db: TALOS, id: TALOS-2017-0273

Trust: 1.9

db: BID, id: 100519

Trust: 1.9

db: JVNDB, id: JVNDB-2017-007773

Trust: 0.8

db: CNNVD, id: CNNVD-201709-089

Trust: 0.6

sources: BID: 100519 // JVNDB: JVNDB-2017-007773 // CNNVD: CNNVD-201709-089 // NVD: CVE-2017-2779

REFERENCES

url: http://www.securityfocus.com/bid/100519

Trust: 1.6

url: https://0patch.blogspot.com/2017/09/0patching-rsrc-arbitrary-null-write.html

Trust: 1.6

url: http://www.ni.com/product-documentation/54099/en/

Trust: 1.6

url: https://www.talosintelligence.com/vulnerability_reports/talos-2017-0273

Trust: 1.3

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2779

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-2779

Trust: 0.8

url: https://talosintelligence.com/vulnerability_reports/talos-2017-0273

Trust: 0.6

url: http://www.ni.com/en-gb/shop/labview.html

Trust: 0.3

sources: BID: 100519 // JVNDB: JVNDB-2017-007773 // CNNVD: CNNVD-201709-089 // NVD: CVE-2017-2779

CREDITS

Cory Duplantis of Cisco Talos.

Trust: 0.9

sources: BID: 100519 // CNNVD: CNNVD-201709-089

SOURCES

db: BID, id: 100519
db: JVNDB, id: JVNDB-2017-007773
db: CNNVD, id: CNNVD-201709-089
db: NVD, id: CVE-2017-2779

LAST UPDATE DATE

2024-11-23T22:48:55.023000+00:00


SOURCES UPDATE DATE

db: BID, id: 100519, date: 2017-08-29T00:00:00
db: JVNDB, id: JVNDB-2017-007773, date: 2017-10-03T00:00:00
db: CNNVD, id: CNNVD-201709-089, date: 2022-04-21T00:00:00
db: NVD, id: CVE-2017-2779, date: 2024-11-21T03:24:08.210

SOURCES RELEASE DATE

db: BID, id: 100519, date: 2017-08-29T00:00:00
db: JVNDB, id: JVNDB-2017-007773, date: 2017-10-03T00:00:00
db: CNNVD, id: CNNVD-201709-089, date: 2017-08-29T00:00:00
db: NVD, id: CVE-2017-2779, date: 2017-09-05T18:29:00.257