High‑Severity Vulnerabilities Discovered in Notepad++ (CVE‑2023‑40031, CVE‑2023‑40036, CVE‑2023‑40164, CVE‑2023‑40166)
Security researchers have identified four high‑severity buffer‑overflow vulnerabilities (CVE‑2023‑40031, CVE‑2023‑40036, CVE‑2023‑40164, CVE‑2023‑40166) in the popular open‑source editor Notepad++. The flaws were disclosed publicly after the developers failed to patch them before the release of version 8.5.6, and users are urged to apply mitigations.
Notepad++ is a well‑known open‑source code editor that has attracted the attention of security researchers.
Researchers discovered several high‑severity vulnerabilities with a CVSS score of 7.8/10, including four buffer‑overflow issues.
Although the vulnerabilities were reported to the developers at the end of April 2023, they remained unfixed until the release of Notepad++ v8.5.6.
Because more than three months passed without a fix, the researchers publicly disclosed the vulnerabilities and proof‑of‑concept code to warn users and pressure the developers.
Vulnerability details:
CVE‑2023‑40031: heap buffer write overflow in Utf8_16_Read::convert.
CVE‑2023‑40036: global buffer read overflow in CharDistributionAnalysis::HandleOneChar, exploitable via crafted files.
CVE‑2023‑40164: global buffer read overflow in nsCodingStateMachine::NextState.
CVE‑2023‑40166: heap buffer read overflow in FileManager::detectLanguageFromTextBegining.
The full advisory can be found at the GitHub Security Lab link: https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/#resources
IT Services Circle