CVE-2024-5602

CVSS V2 None CVSS V3 None

Description

A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products.  Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy.

Overview

CVE ID
CVE-2024-5602

Assigner
NI

Vulnerability Status
PUBLISHED

Published Version
2024-07-23T13:15:50.508Z

Last Modified Date
2024-07-23T14:11:46.604Z

Weakness Enumerations

CWE	URL
CWE-121	http://cwe.mitre.org/data/definitions/121.html

References

Reference URL	Reference Tags
https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/stack-based-buffer-overflow-vulnerability-in-ni-io-trace-tool.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-5602
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5602

History

Created	Old Value	New Value	Data Type	Notes
2024-07-24 13:03:57				Added to TrackCVE