
Cloud Vulnerability DB
A community-led vulnerabilities database
Notepad++ v8.4.1 was discovered to contain a stack overflow vulnerability in the component Finder::add(). The vulnerability was assigned CVE-2022-31902 and was initially reported on May 31, 2022 (CVE Mitre).
The vulnerability is a stack overflow in the Finder::add() component of Notepad++. It is triggered when a user runs the find functionality on a specially crafted text file: with the 'Find All in All Opened Document' or 'Find All in Current Opened Document' options, the application attempts to allocate excessive memory (size 4bf21), leading to a bad_alloc error (GitHub POC).
When successfully exploited, this vulnerability can lead to application crashes, resulting in a Denial of Service (DoS) condition. The issue affects multiple versions of Notepad++ (32-bit), including versions 8.3.2 through 8.4.9 (GitHub POC).
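For asset triage, the following added example (not code from this database entry, the Notepad++ project or the referenced PoC) flags installs that are both 32-bit and inside the version range listed above. It assumes your inventory supplies a dotted version string and the leading bytes of notepad++.exe; the function names and sample rows are hypothetical, and since the entry says "including", the range may not be exhaustive.

```python
import struct

# Range listed on the page ("versions 8.3.2 through 8.4.9", 32-bit builds).
AFFECTED_MIN = (8, 3, 2)
AFFECTED_MAX = (8, 4, 9)
IMAGE_FILE_MACHINE_I386 = 0x014C   # PE Machine value for 32-bit x86
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # PE Machine value for x64


def pe_machine(image: bytes) -> int:
    """Return the COFF Machine field of a PE image, or raise ValueError."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)  # offset of PE header
    if e_lfanew + 6 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", image, e_lfanew + 4)
    return machine


def parse_version(text: str) -> tuple:
    """'v8.4' -> (8, 4, 0); pads or truncates to three numeric fields."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def in_listed_range(version: str, image: bytes) -> bool:
    """True when the build is 32-bit and its version is inside the listed range."""
    return (pe_machine(image) == IMAGE_FILE_MACHINE_I386
            and AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX)


def fake_pe(machine: int) -> bytes:
    """Constructed sample: minimal MZ/PE header carrying only the Machine field."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)


if __name__ == "__main__":
    # Constructed inventory rows: (host, reported version, header bytes).
    for host, ver, img in [("ws-01", "8.4.1", fake_pe(IMAGE_FILE_MACHINE_I386)),
                           ("ws-02", "8.4.1", fake_pe(IMAGE_FILE_MACHINE_AMD64)),
                           ("ws-03", "8.5", fake_pe(IMAGE_FILE_MACHINE_I386))]:
        print(host, ver, "in listed range" if in_listed_range(ver, img) else "outside")
```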
Source: This report was generated using AI