CVE-2023-40166

Published: Aug 25, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

Affected (1)

Products: Notepad Plus Plus: Notepad++

Notepad Plus Plus

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Notepad Plus Plus Notepad++	Up to 8.5.6

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (2)

https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/

Source: security-advisories@github.com

ExploitThird Party Advisory

https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.