We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-40164

Notepad++ global buffer read overflow in nsCodingStateMachine::NextState



AssignerGitHub_M
Reserved2023-08-09
Published2023-08-25
Updated2024-10-02

Description

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.



MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Problem types

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

<= 8.5.6
affected

References

https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/

cve.org CVE-2023-40164

nvd.nist.gov CVE-2023-40164

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.