CVE-2023-40166

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/	Exploit Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:notepad-plus-plus:notepad\+\+:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-25 21:15

Updated : 2024-11-21 08:18

NVD link : CVE-2023-40166

Mitre link : CVE-2023-40166

CVE.ORG link : CVE-2023-40166

JSON object : View

Products Affected

notepad-plus-plus

notepad\+\+

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2023-40166", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2023-08-25T21:15:08.777", "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-120"}, {"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++."}, {"lang": "es", "value": "Notepad++ es un editor de c\u00f3digo fuente gratuito y de c\u00f3digo abierto. Las versiones 8.5.6 y anteriores son vulnerables al desbordamiento de lectura del b\u00fafer de mont\u00f3n en `FileManager::detectLanguageFromTextBegining`. La explotabilidad de este problema no est\u00e1 clara. Potencialmente, puede ser utilizado para filtrar informaci\u00f3n de asignaci\u00f3n de memoria interna. En el momento de la publicaci\u00f3n, no hay parches conocidos disponibles en las versiones existentes de Notepad++.\n"}], "lastModified": "2024-11-21T08:18:54.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51C2BF99-30E2-4BFC-B6BE-DBB33C6C6FEF", "versionEndIncluding": "8.5.6"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}