PT-2023-4643 · Notepad++ · Notepad++

Jaroslav Lobačevski · Published 2023-08-21 · Updated 2025-08-19 · CVE-2023-40031

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Notepad++ versions 8.5.6 and prior

Description

The issue is a heap buffer write overflow in the Utf8_16_Read::convert function. It may allow an attacker to execute arbitrary code when a user opens a specially crafted file.

Recommendations

For versions 8.5.6 and prior, update to version 8.5.7 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the Utf8_16_Read::convert function until a patch is available. Restrict access to potentially vulnerable files to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-05051
BDU:2023-05226
CVE-2023-40031

Affected Products

Notepad++