PT-2023-4780 · Notepad++ · Notepad++

Jarlob

Publicado

2023-08-21

Atualizado

2023-09-11

CVE-2023-40166

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Notepad++ versions 8.5.6 and prior

Description The issue is related to a heap buffer read overflow in the FileManager::detectLanguageFromTextBegining() function. This may potentially be used to leak internal memory allocation information. The exploitability of this issue is not clear.

Recommendations For versions 8.5.6 and prior, update to version 8.5.7 or later to resolve the issue. As a temporary workaround, consider disabling the FileManager::detectLanguageFromTextBegining() function until a patch is available.

Exploit

Correção

Buffer Overflow

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-120CWE-122

Identificadores relacionados

BDU:2023-05227

CVE-2023-40166

Produtos afetados

Notepad++

PT-2023-4780 · Notepad++ · Notepad++

CVE-2023-40166

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18