CVE-2023-40164
published 2023-08-25CVE-2023-40164: Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in…
PriorityP424medium5.5CVSS 3.1
AVLACLPRNUIRSUCHINAN
EPSS
0.55%
41.8th percentile
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| notepad-plus-plus | notepad | <= 8.5.6 | — |
| notepad-plus-plus | notepad-plus-plus | <= 8.5.6 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Notepad++ 8.5.7 released with fixes for four security vulnerabilities
blogs_bleepingcomputer·2023-09-08·CVSS 7.8
[HIGH] Notepad++ 8.5.7 released with fixes for four security vulnerabilities
## Notepad++ 8.5.7 released with fixes for four security vulnerabilities
## Bill Toulas
Proof of concept exploits have also been published for these flaws in the researcher's public advisory, making it essential for users to update the program as soon as possible.
## Security flaws in Notepad++
The discovered vulnerabilities involve heap buffer write and read overflows in various functions and libraries used by Notepad++.
Here's a summary of the four flaws discovered by GitHub's researcher:
CVE-2023-40031 : Buffer overflow in the Utf8_16_Read::convert function due to incorrect assumptions about UTF16 to UTF8 encoding conversions.
CVE-2023-40036 : Global buffer read overflow in CharDistributionAnalysis::HandleOneChar caused by an array index order based on the buffer size, exacerbate
Greynoiseio
A Day In The Life Of A GreyNoise Researcher: The Path To Understanding The Remote Code Execution Vulnerability Apache (CVE-2023-50164) in Apache Struts2
blogs_greynoiseio·CVSS 5.5
[MEDIUM] A Day In The Life Of A GreyNoise Researcher: The Path To Understanding The Remote Code Execution Vulnerability Apache (CVE-2023-50164) in Apache Struts2
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
2023-08-25
Published