Community
    • Login

    Vulnerability CVE-2024-7264 in `libcurl.dll` – When Will It Be Addressed in Notepad++?

    Scheduled Pinned Locked Moved General Discussion
    3 Posts 3 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Madhav VasanthM
      Madhav Vasanth
      last edited by

      Hi all,

      I recently updated Notepad++ to the latest version, hoping it would resolve the vulnerability in libcurl.dll (CVE-2024-7264), which affects versions >= 7.32.0, < 8.9.1. However, after the update, I checked the libcurl.dll version in the C:\Program Files (x86)\Notepad++\updater\libcurl.dll path, and it still shows version 8.4.0, which remains vulnerable.

      Is there any planned release that will include libcurl version 8.9.1 or higher to fix this vulnerability? Or should I manually update the libcurl.dll file? Any guidance would be appreciated.

      Thanks!

      Alan KilbornA 1 Reply Last reply Reply Quote 0
      • Alan KilbornA
        Alan Kilborn @Madhav Vasanth
        last edited by

        @Madhav-Vasanth

        Do you think you get better answers if you post the same thing 3 times??

        1 Reply Last reply Reply Quote 0
        • PeterJonesP PeterJones locked this topic on
        • PeterJonesP
          PeterJones
          last edited by

          Future readers: this query was answered here and here, which both point to https://github.com/notepad-plus-plus/wingup/issues/73#issuecomment-2362168716 as the official answer.

          This duplicate request locked. Discussion can continue in the first link above.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          The Community of users of the Notepad++ text editor.
          Powered by NodeBB | Contributors