CVE-2023-40031 – Notepad++ vulnerable to heap buffer write overflow in Utf8_16_Read::convert
https://notcve.org/view.php?id=CVE-2023-40031
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++. • https://github.com/webraybtl/CVE-2023-40031 https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__ • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVE-2022-31902
https://notcve.org/view.php?id=CVE-2022-31902
Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). • https://github.com/CDACesec/CVE-2022-31902 http://notepad.com • CWE-787: Out-of-bounds Write •
CVE-2022-31901
https://notcve.org/view.php?id=CVE-2022-31901
Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files. El desbordamiento de búfer en la función Notepad_plus::addHotSpot en Notepad++ v8.4.3 y versiones anteriores permite a los atacantes bloquear la aplicación mediante dos archivos manipulados. • https://github.com/CDACesec/CVE-2022-31901 • CWE-787: Out-of-bounds Write •
CVE-2022-32168 – notepad-plus-plus - DLL Hijacking
https://notcve.org/view.php?id=CVE-2022-32168
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. Notepad++ versiones 8.4.1 y anteriores, son vulnerables a un secuestro de DLL, donde un atacante puede reemplazar la dll vulnerable (UxTheme.dll) por su propia dll y ejecutar código arbitrario en el contexto de Notepad++ • https://github.com/notepad-plus-plus/notepad-plus-plus/commit/85d7215d9b3e0d5a8433fc31aec4f2966821051e https://www.mend.io/vulnerability-database/CVE-2022-32168 • CWE-427: Uncontrolled Search Path Element •
CVE-2019-16294 – Notepad++ < 7.7 (x64) - Denial of Service
https://notcve.org/view.php?id=CVE-2019-16294
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. La biblioteca SciLexer.dll en Scintilla en Notepad ++ (x64) versiones anteriores a 7.7, permite la ejecución de código remota o la denegación de servicio por medio de caracteres Unicode en un archivo .ml diseñado. Notepad++ (x64) versions prior to 7.7 allow remote code execution or denial of service via a crafted .ml file. • https://www.exploit-db.com/exploits/47393 http://packetstormsecurity.com/files/154706/Notepad-Code-Execution-Denial-Of-Service.html https://github.com/bi7s/CVE/tree/master/CVE-2019-16294 https://notepad-plus-plus.org/download/v7.7.html https://www.scintilla.org/ScintillaHistory.html • CWE-787: Out-of-bounds Write •