Notepad++ Faces Multiple Buffer Overflow Issues

Posted: 2023-09-06
By: dwirch
Viewed: 98

Filed Under:

News, Security

No attachments for this post

Several Buffer Overflow vulnerabilities have emerged in Notepad++, which could be potentially exploited for harmful intentions. These vulnerabilities range in severity from medium (5.5) to high (7.8).

These vulnerabilities concern heap buffer write and read overflows within specific functions and libraries of the Notepad++ software. GitLab security expert, Jaroslav Lobačevski (@JarLob), identified them.

For those unfamiliar, Notepad++ is a renowned open-source code editor based on C++, designed for Microsoft's x86, x64, and AArch64 architectures. This software, developed by Don Ho, supports tabbed editing, which facilitates managing multiple files simultaneously in one window.

Despite being alerted, Notepad++ has yet to release any patches. As per their disclosure protocol, GitLab went ahead to disclose these vulnerabilities, providing the related proof-of-concept.

Vulnerability Details

• CVE-2023-40031: This relates to a flaw in the Utf8_16_Read::convert function, used for encoding conversions. There's an inherent assumption in this function that can lead to buffer overflow when faced with specific byte values.

• CVE-2023-40036: A vulnerability originating from an array index issue linked to the mCharToFreqOrder buffer, exploitable by custom-crafted files. The uchardet library, used by the application, aids this operation.

• CVE-2023-40164: This stems from the divergent uchardet library utilized by Notepad++. An array index problem, connected to the charLenTable buffer, is at the core of this vulnerability.

• CVE-2023-40166: When initializing a file, Notepad++ encounters a flaw during its content type identification process, which can cause a buffer overflow due to a missing check in the loop.

Currently, there's no word on patches from Notepad++. However, GitLab's comprehensive report on these vulnerabilities provides deeper insights, proof-of-concept, sample code, and more.

Comments on this post

No comments have been added for this post.

You must be logged in to make a comment.