Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files.

Notepad++ is a popular free source code editor that supports many programming languages, can be extended via plugins, and offers productivity-enhancing features such as multi-tabbed editing and syntax highlighting.

GitHub's security researcher Jaroslav Lobačevski reported the vulnerabilities in Notepad++ version 8.5.2 to the developers over the last couple of months. Proof of concept exploits have also been published for these flaws in the researcher's public advisory, making it essential for users to update the program as soon as possible.

The discovered vulnerabilities involve heap buffer write and read overflows in various functions and libraries used by Notepad++. Here's a summary of the four flaws discovered by GitHub's researcher:

CVE-2023-40031: Buffer overflow in the Utf8_16_Read::convert function due to incorrect assumptions about UTF16 to UTF8 encoding conversions.

CVE-2023-40036: Global buffer read overflow in CharDistributionAnalysis::HandleOneChar caused by an array index order based on the buffer size, exacerbated by using the uchardet library.

CVE-2023-40164: Global buffer read overflow in nsCodingStateMachine::NextState. This is linked to a specific version of the uchardet library used by Notepad++, vulnerable due to its dependency on the size of the charLenTable buffer.
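
The CVE-2023-40031 entry attributes the overflow to incorrect assumptions about how large UTF16 to UTF8 conversion output can be. The C code below is an added example, not Notepad++ code and not taken from the advisory: it sizes the output from the worst case of 3 UTF-8 bytes per 16-bit unit and checks the remaining space before every write. The names `utf8_worst_case`, `utf16le_to_utf8`, `CONV_ERR` and the `SAMPLE` bytes are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CONV_ERR ((size_t)-1)

/* Safe output size: a 16-bit unit needs at most 3 UTF-8 bytes
   (a surrogate pair is 2 units -> 4 bytes, so 2 per unit). */
size_t utf8_worst_case(size_t in_bytes) { return (in_bytes / 2) * 3; }

static uint32_t unit(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }

/* UTF-16LE -> UTF-8. Returns bytes written, or CONV_ERR when the next
   character would not fit in out[cap]; it never writes past cap. */
size_t utf16le_to_utf8(const uint8_t *in, size_t in_bytes, uint8_t *out, size_t cap)
{
    size_t n = in_bytes / 2, o = 0;            /* an odd trailing byte is dropped */
    for (size_t i = 0; i < n; i++) {
        uint32_t cp = unit(in + 2 * i);
        if (cp >= 0xD800 && cp <= 0xDBFF && i + 1 < n) {
            uint32_t lo = unit(in + 2 * i + 2);
            if (lo >= 0xDC00 && lo <= 0xDFFF) {  /* valid pair: combine */
                cp = 0x10000 + ((cp - 0xD800) << 10) + (lo - 0xDC00);
                i++;
            }
        }
        if (cp >= 0xD800 && cp <= 0xDFFF) cp = 0xFFFD;   /* unpaired surrogate */
        size_t need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
        if (need > cap - o) return CONV_ERR;             /* check before writing */
        if (need == 1) { out[o++] = (uint8_t)cp; continue; }
        static const uint8_t lead[5] = {0, 0, 0xC0, 0xE0, 0xF0};
        out[o++] = (uint8_t)(lead[need] | (cp >> (6 * (need - 1))));
        for (size_t k = need - 1; k-- > 0; )             /* 6 bits per continuation byte */
            out[o++] = (uint8_t)(0x80 | ((cp >> (6 * k)) & 0x3F));
    }
    return o;
}

/* Constructed sample: "A", U+20AC, U+1F600 encoded as UTF-16LE. */
static const uint8_t SAMPLE[] = {0x41,0x00, 0xAC,0x20, 0x3D,0xD8, 0x00,0xDE};

int main(void)
{
    uint8_t out[12];                           /* utf8_worst_case(sizeof SAMPLE) */
    size_t w = utf16le_to_utf8(SAMPLE, sizeof SAMPLE, out, sizeof out);
    printf("wrote %zu bytes\n", w);
    return 0;
}
```

A buffer sized to the input length is too small for BMP-heavy text: three U+20AC characters occupy 6 bytes in UTF-16 and 9 in UTF-8, and the converter returns `CONV_ERR` instead of writing past the end.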