Microsoft Alerts Android App Developers About New ‘Dirty Stream’ Attack
May 5, 2024Russia’s APT28 Abused Microsoft Outlook Vulnerability to Target German and Czech Organizations
May 6, 2024Microsoft Alerts Android App Developers About New ‘Dirty Stream’ Attack
May 5, 2024Russia’s APT28 Abused Microsoft Outlook Vulnerability to Target German and Czech Organizations
May 6, 2024Severity
Medium
Analysis Summary
CVE-2023-40031 CVSS:7.8
Notepad++ is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the Utf8_16_Read::convert component. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2023-40036 CVSS:5.5
Notepad++ is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the CharDistributionAnalysis::HandleOneChar component. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and leak internal memory allocation information.
CVE-2023-40164 CVSS:5.5
Notepad++ is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the nsCodingStateMachine::NextStater component. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and leak internal memory allocation information.
CVE-2023-40166 CVSS:5.5
Notepad++ is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the FileManager::detectLanguageFromTextBegining component. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and leak internal memory allocation information.
Impact
- Gain Access
- Buffer Overflow
Indicators of Compromise
CVE
- CVE-2023-40031
- CVE-2023-40036
- CVE-2023-40164
- CVE-2023-40166
Affected Vendors
Affected Products
- Notepad++ 8.5.6
Remediation
Refer to Notepad++ Website for patch, upgrade, or suggested workaround information.