CVE-2023-40166

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 25, 2023
Updated: Aug 31, 2023
CWE ID 122
CWE ID 120

Summary

CVE-2023-40164 is a newly disclosed vulnerability affecting Notepad++, a popular free and open-source source code editor. The flaw, located in `nsCodingStateMachine::NextStater`, is a global buffer read overflow. While the exact exploitability of this issue remains uncertain, it may potentially be leveraged to leak internal memory allocation information. As of now, there are no known patches available to address this vulnerability in previous versions of Notepad++. Users are advised to exercise caution and consider using alternative editing tools until a patch is released.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share