Community
    • Login

    CVEs in Notepad++ V8.5.6 and Prior

    Scheduled Pinned Locked Moved General Discussion
    2 Posts 2 Posters 1.2k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Murray Sobol 1M Offline
      Murray Sobol 1
      last edited by

      The following CVEs have been reported in Notepad++ V8.5.6 and Prior
      CVE-2023-40166
      Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in FileManager::detectLanguageFromTextBegining . The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information.
      CVE-2023-40164
      Versions 8.5.6 and prior are vulnerable to global buffer read overflow in nsCodingStateMachine::NextStater. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information.
      CVE-2023-40036
      Versions 8.5.6 and prior are vulnerable to global buffer read overflow in CharDistributionAnalysis::HandleOneChar. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information.
      CVE-2023-40031
      Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in Utf8_16_Read::convert. This issue may lead to arbitrary code execution.

      For all of the above CVEs, As of time of publication, no known patches are available in existing versions of Notepad++.

      I sincerely hope that these issues are being addressed and will be resolved in a not to distant version of Notepad++.

      PeterJonesP 1 Reply Last reply Reply Quote -3
      • PeterJonesP Offline
        PeterJones @Murray Sobol 1
        last edited by PeterJones

        @Murray-Sobol-1 said in CVEs in Notepad++ V8.5.6 and Prior:

        The following CVEs have been reported in Notepad++ V8.5.6 and Prior

        Already addressed:
        https://community.notepad-plus-plus.org/topic/24889/notepad-v8-5-7-release-candidate

        For all of the above CVEs, As of time of publication, no known patches are available in existing versions of Notepad++.

        Notepad++ does not do “patch” releases. It just releases new versions. And the new version implementing the fixes is available in release-candidate, and will be switched to full release soon,

        1 Reply Last reply Reply Quote 2

        Hello! It looks like you're interested in this conversation, but you don't have an account yet.

        Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

        With your input, this post could be even better 💗

        Register Login
        • First post
          Last post
        The Community of users of the Notepad++ text editor.
        Powered by NodeBB | Contributors