CVE-2023-6401
NotePad++ dbghelp.exe uncontrolled search path
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Una vulnerabilidad clasificada como problemática fue encontrada en NotePad++ hasta 8.1. Una función desconocida del archivo dbghelp.exe es afectada por esta vulnerabilidad. La manipulación conduce a una ruta de búsqueda incontrolada. Un ataque debe abordarse localmente. A esta vulnerabilidad se le asignó el identificador VDB-246421. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
In NotePad++ bis 8.1 wurde eine problematische Schwachstelle entdeckt. Das betrifft eine unbekannte Funktionalität der Datei dbghelp.exe. Durch Beeinflussen mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-30 CVE Reserved
- 2023-11-30 CVE Published
- 2023-12-01 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://vuldb.com/?id.246421 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Notepad-plus-plus Search vendor "Notepad-plus-plus" | Notepad\+\+ Search vendor "Notepad-plus-plus" for product "Notepad\+\+" | <= 8.1 Search vendor "Notepad-plus-plus" for product "Notepad\+\+" and version " <= 8.1" | - |
Affected
|