Skip to main content

Notepad CVE-2023-6401

HIGH
Uncontrolled Search Path Element (CWE-427)
2023-11-30 cna@vuldb.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 30, 2023 - 15:15 nvd
HIGH 7.8

DescriptionNVD

A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

A vulnerability classified as problematic was found in NotePad++ up to 8.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-427. A vulnerability classified as problematic was found in NotePad++ up to 8.1. Affected by this vulnerability is an unknown functionality of the file dbghelp.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The identifier VDB-246421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Affected products include: Notepad-Plus-Plus Notepad\+\+. Version information: up to 8.1..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2014-9456 CRITICAL POC
10.0 Jan 02

Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Ev

CVE-2025-15556 HIGH
7.5 Feb 03

Notepad++ versions prior to 8.8.9 contain an update integrity verification vulnerability (CVE-2025-15556) when using the

CVE-2023-47452 HIGH POC
7.8 Nov 30

An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msim

CVE-2023-40031 HIGH POC
7.8 Aug 25

Notepad++ is a free and open-source source code editor. Rated high severity (CVSS 7.8), this vulnerability is no authent

CVE-2022-32168 HIGH POC
7.8 Sep 28

Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (Ux

CVE-2019-16294 HIGH POC
7.8 Sep 14

SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode ch

CVE-2026-3008 MEDIUM POC
6.6 Apr 27

String injection in Notepad++ 8.9.3 leads to memory address disclosure or application crash when processing maliciously

CVE-2022-31902 MEDIUM POC
5.5 Feb 01

Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). Rated medium severity (CVSS

CVE-2023-40166 MEDIUM POC
5.5 Aug 25

Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authe

CVE-2023-40164 MEDIUM POC
5.5 Aug 25

Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authe

CVE-2023-40036 MEDIUM POC
5.5 Aug 25

Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authe

CVE-2023-0909 MEDIUM POC
5.5 Feb 18

A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. Rated medium severity (CVSS 5.5

Share

CVE-2023-6401 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy