CVE-2023-40031 HIGH

CVE-2023-40031: Notepad++ vulnerable to heap buffer write overflow in Utf8_16_Read::convert

Vendor Notepad-Plus-Plus
Product notepad-plus-plus
Weakness CWE-120
Published August 25, 2023
Last update October 2, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to a heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of the time of publication, no known patches are available in existing versions of Notepad++.

Key dates

02 Disclosure timeline

August 25, 2023 CVE published
October 2, 2024 Record updated