CVE-2023-40031

HIGH

Notepad-plus-plus Notepad++ < 8.5.6 - Heap Buffer Overflow

Title source: rule

Description

Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++.

Exploits (1)

nomisec WRITEUP 15 stars

by webraybtl · poc

https://github.com/webraybtl/CVE-2023-40031

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_confirm

https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/

Scores

CVSS v3 7.8

EPSS 0.0037

EPSS Percentile 58.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-122 CWE-120

Status published

Products (1)

notepad-plus-plus/notepad\+\+ < 8.5.6

Published Aug 25, 2023

Tracked Since Feb 18, 2026