Home > Vulnerability Database > CVE-2023-40166

Mend.io Vulnerability Database

CVE-2023-40166

Date: August 25, 2023

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

Language: C++

Severity Score

5.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-40166

Url: https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/

Url: https://www.mend.io/vulnerability-database/CVE-2023-40166

Severity Score

5.5

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Heap-based Buffer Overflow

CWE-122

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-40166

Date: August 25, 2023

Language: C++

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?