CVE-2023-40166

Опубликовано: 25 авг. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in FileManager::detectLanguageFromTextBegining . The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

Ссылки

https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/
Exploit
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:notepad-plus-plus:notepad\+\+:*:*:*:*:*:*:*:*

Версия до 8.5.6 (включая)

EPSS

Процентиль: 27%

0.00095

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-120

Связанные уязвимости

BDU:2023-05227