Lucene search

[email protected]NVD:CVE-2023-40031

HistoryAug 25, 2023 - 8:15 p.m.

CVE-2023-40031

2023-08-2520:15:08

CWE-120

CWE-122

[email protected]

web.nvd.nist.gov

notepad++

source code editor

vulnerable

heap buffer overflow

utf8_16_read

arbitrary code execution

patches

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.0%

JSON

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in Utf8_16_Read::convert. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++.

Affected configurations

Nvd

Node

notepad-plus-plusnotepad\+\+Range≤8.5.6

VendorProductVersionCPE
notepad-plus-plusnotepad\+\+*cpe:2.3:a:notepad-plus-plus:notepad\+\+:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
notepad-plus-plus	notepad\+\+	*	cpe:2.3:a:notepad-plus-plus:notepad\+\+::::::::

References

securitylab.github.com/advisories/GHSL-2023-092_Notepad__/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.0%

JSON

Related for NVD:CVE-2023-40031

cve1 prion1 cvelist1 githubexploit1 osv1 kaspersky1 nessus1