Unrated severityNVD Advisory· Published Aug 25, 2023· Updated Oct 1, 2024

Notepad++ global buffer read overflow in CharDistributionAnalysis::HandleOneChar

CVE-2023-40036

Description

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in CharDistributionAnalysis::HandleOneChar. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

Affected products

Notepad Plus Plus/Notepad Plus Plusv5
Range: <= 8.5.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securitylab.github.com/advisories/GHSL-2023-092_Notepad__/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000