Notepad++ vulnerable to heap buffer write overflow in Utf8_16_Read::convert
CVE-2023-40031
7.8 HIGH
Key Information:
- Vendor: Notepad-plus-plus
- Status
- Vendor
- CVE Published: 25 August 2023
Badges
👾 Exploit Exists
🟡 Public PoC
What is CVE-2023-40031?
Notepad++ is a popular open-source source code editor. It is susceptible to a heap buffer write overflow in the `Utf8_16_Read::convert` function, which could be exploited to execute arbitrary code on affected installations. As of now, versions 8.5.6 and earlier are at risk, with no patches available to address the issue. Users of Notepad++ should remain vigilant and consider upgrading or applying mitigation strategies to protect their systems.
Affected Version(s)
notepad-plus-plus <= 8.5.6
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.