CVE-2023-40164

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-40164

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40164.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-40164

Published

2023-08-25T20:12:58.877Z

Modified

2026-03-14T12:17:21.503659Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Notepad++ global buffer read overflow in nsCodingStateMachine::NextState

Details

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in nsCodingStateMachine::NextStater. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-120"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/40xxx/CVE-2023-40164.json"
}

References

Affected packages

Git / github.com/notepad-plus-plus/notepad-plus-plus

Affected ranges

Type

GIT

Repo

https://github.com/notepad-plus-plus/notepad-plus-plus

Events

Introduced

Last affected

e39deab7782a89990ac5d3b35f910a33949ea740

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.6"
        }
    ]
}

Affected versions

7.*

7.2.2

7.3.1

Other

patch-1_#167

patch-2_#268

patch-3_#283

v5.*

v5.4.2

v5.4.3

v5.4.4

v5.4.5

v5.5

v5.5.1

v5.6

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.6.6

v5.6.7

v5.6.8

v5.7

v5.8

v5.8.1

v5.8.2

v5.8.3

v5.8.4

v5.8.5

v5.8.6

v5.8.7

v5.9

v5.9.1

v5.9.2

v5.9.3

v5.9.4

v5.9.5

v5.9.6

v5.9.6.1

v5.9.6.2

v5.9.7

v5.9.8

v6.*

v6.1

v6.1.1

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.1.7

v6.1.8

v6.2

v6.2.1

v6.2.2

v6.2.3_-_End_of_World_Edition

v6.3

v6.3.1

v6.3.2

v6.3.3

v6.4

v6.4.1

v6.4.2

v6.4.3

v6.4.4

v6.4.5

v6.5

v6.5.1

v6.5.2

v6.5.3

v6.5.4

v6.5.5

v6.6

v6.6.1

v6.6.2

v6.6.3

v6.6.4

v6.6.6_-_Friday_the_13th_edition

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7.1

v6.7.2

v6.7.3

v6.7.4_-_Je_suis_Charlie_edition

v6.7.5

v6.7.6

v6.7.7

v6.7.8

v6.7.8.1

v6.7.8.2

v6.7.9

v6.7.9.1

v6.7.9.2

v6.8

v6.8.1

v6.8.2

v6.8.3

v6.8.4

v6.8.5

v6.8.6

v6.8.7

v6.8.8

v6.8.9

v6.9

v6.9.1

v6.9.2

v7.*

v7.1

v7.2

v7.2.1

v7.2.2

v7.3

v7.3.1

v7.3.2

v7.3.3

v7.4

v7.4.1

v7.4.2

v7.5

v7.5.1

v7.5.2

v7.5.3

v7.5.4

v7.5.5

v7.5.6

v7.5.7

v7.5.8

v7.5.9

v7.6

v7.6.1

v7.6.2

v7.6.3

v7.6.4

v7.6.5

v7.6.6

v7.7

v7.7.1

v7.8

v7.8.1

v7.8.2

v7.8.3

v7.8.4

v7.8.5

v7.8.6

v7.8.7

v7.8.8

v7.8.9

v7.9

v7.9.1

v7.9.2

v7.9.3

v7.9.4

v7.9.5

v8.*

v8.1

v8.1.1

v8.1.2

v8.1.3

v8.1.4

v8.1.5

v8.1.6

v8.1.7

v8.1.8

v8.1.9

v8.1.9.1

v8.1.9.2

v8.1.9.3

v8.2

v8.2.1

v8.3

v8.3.1

v8.3.2

v8.3.3

v8.4

v8.4.1

v8.4.2

v8.4.3

v8.4.4

v8.4.5

v8.4.6

v8.4.7

v8.4.8

v8.4.9

v8.5

v8.5.1

v8.5.2

v8.5.3

v8.5.4

v8.5.5

v8.5.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40164.json"