CVE-2023-40166

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-40166

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40166.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-40166

Published

2023-08-25T20:20:20.390Z

Modified

2026-03-11T15:24:34.286787Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Notepad++ heap buffer read overflow in FileManager::detectLanguageFromTextBegining

Details

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in FileManager::detectLanguageFromTextBegining. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-120",
        "CWE-122"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/40xxx/CVE-2023-40166.json"
}

References

Affected packages

Git / github.com/notepad-plus-plus/notepad-plus-plus

Affected ranges

Type

GIT

Repo

https://github.com/notepad-plus-plus/notepad-plus-plus

Events

Introduced

Last affected

e39deab7782a89990ac5d3b35f910a33949ea740

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.6"
        }
    ]
}

Affected versions

7.*

7.2.2

7.3.1

Other

patch-1_#167

patch-2_#268

patch-3_#283

v5.*

v5.4.2

v5.4.3

v5.4.4

v5.4.5

v5.5

v5.5.1

v5.6

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.6.6

v5.6.7

v5.6.8

v5.7

v5.8

v5.8.1

v5.8.2

v5.8.3

v5.8.4

v5.8.5

v5.8.6

v5.8.7

v5.9

v5.9.1

v5.9.2

v5.9.3

v5.9.4

v5.9.5

v5.9.6

v5.9.6.1

v5.9.6.2

v5.9.7

v5.9.8

v6.*

v6.1

v6.1.1

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.1.7

v6.1.8

v6.2

v6.2.1

v6.2.2

v6.2.3_-_End_of_World_Edition

v6.3

v6.3.1

v6.3.2

v6.3.3

v6.4

v6.4.1

v6.4.2

v6.4.3

v6.4.4

v6.4.5

v6.5

v6.5.1

v6.5.2

v6.5.3

v6.5.4

v6.5.5

v6.6

v6.6.1

v6.6.2

v6.6.3

v6.6.4

v6.6.6_-_Friday_the_13th_edition

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7.1

v6.7.2

v6.7.3

v6.7.4_-_Je_suis_Charlie_edition

v6.7.5

v6.7.6

v6.7.7

v6.7.8

v6.7.8.1

v6.7.8.2

v6.7.9

v6.7.9.1

v6.7.9.2

v6.8

v6.8.1

v6.8.2

v6.8.3

v6.8.4

v6.8.5

v6.8.6

v6.8.7

v6.8.8

v6.8.9

v6.9

v6.9.1

v6.9.2

v7.*

v7.1

v7.2

v7.2.1

v7.2.2

v7.3

v7.3.1

v7.3.2

v7.3.3

v7.4

v7.4.1

v7.4.2

v7.5

v7.5.1

v7.5.2

v7.5.3

v7.5.4

v7.5.5

v7.5.6

v7.5.7

v7.5.8

v7.5.9

v7.6

v7.6.1

v7.6.2

v7.6.3

v7.6.4

v7.6.5

v7.6.6

v7.7

v7.7.1

v7.8

v7.8.1

v7.8.2

v7.8.3

v7.8.4

v7.8.5

v7.8.6

v7.8.7

v7.8.8

v7.8.9

v7.9

v7.9.1

v7.9.2

v7.9.3

v7.9.4

v7.9.5

v8.*

v8.1

v8.1.1

v8.1.2

v8.1.3

v8.1.4

v8.1.5

v8.1.6

v8.1.7

v8.1.8

v8.1.9

v8.1.9.1

v8.1.9.2

v8.1.9.3

v8.2

v8.2.1

v8.3

v8.3.1

v8.3.2

v8.3.3

v8.4

v8.4.1

v8.4.2

v8.4.3

v8.4.4

v8.4.5

v8.4.6

v8.4.7

v8.4.8

v8.4.9

v8.5

v8.5.1

v8.5.2

v8.5.3

v8.5.4

v8.5.5

v8.5.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40166.json"