CVE-2023-40164

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 25, 2023
Updated: Aug 31, 2023
CWE ID 120

Summary

CVE-2023-40164 is a vulnerability affecting Notepad++ versions 8.5.6 and earlier. This vulnerability is classified as a global buffer read overflow in `nsCodingStateMachine::NextStater`. The potential danger of this vulnerability is the possibility of leaking internal memory allocation information, although the exploitability of the issue is unclear. Currently, there are no known patches available for this vulnerability in existing versions of Notepad++. The affected products include various versions of Notepad++ and related software components. The CVSS score for this vulnerability is 5.5, indicating a medium severity level.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share