- Denial of Service (DoS) in Notepad++ (x86) 8.4.3 and before.
- The vulnerability is triggered by opening two specially crafted text files (e.g. first.txt & second.txt) as input to Notepad++.
The illustrative example below uses Notepad++ (x86) 8.4.3, the latest version as of 11/07/2022.
- Open the two example input files first.txt & second.txt in Notepad++ in any order.
Here we can see the problem parsing these files in ScintallComponent -> Editor.h -> line number 690.
- When Notepad++ opens any file, it calls the function notepad_plus::addHotSpot, which allocates heap memory with the new operator and stores the returned pointer in the wideText variable: `TCHAR *wideText = new TCHAR[endPos - startPos + 1];`. Because this requests a very large allocation, new throws bad_alloc, which is not handled in Notepad++ and results in DoS.
- So opening the two example files with Notepad++ (x86) <= 8.4.3 leads to Denial of Service.
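The allocation pattern described above next to a bounds-checked form, as an added example that is not Notepad++ code. The names `allocUnchecked`, `uncheckedThrows`, `allocChecked` and the `kMaxSpanChars` cap are hypothetical, `wchar_t` stands in for `TCHAR`, and the oversized span is constructed input.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <memory>
#include <new>

// Hypothetical upper bound on one span, in characters (an assumption, not a Notepad++ constant).
constexpr std::int64_t kMaxSpanChars = 1 << 20;

// Pattern from the advisory: the length derived from the two positions goes straight
// into new[]. On failure new[] throws std::bad_alloc, which the caller must catch.
wchar_t* allocUnchecked(std::int64_t startPos, std::int64_t endPos) {
    return new wchar_t[endPos - startPos + 1];
}

// Harness: reports whether the unchecked pattern throws for the given span.
bool uncheckedThrows(std::int64_t startPos, std::int64_t endPos) {
    try {
        volatile wchar_t* p = allocUnchecked(startPos, endPos);
        p[0] = L'\0';  // touch the buffer so the allocation is not optimized away
        delete[] const_cast<wchar_t*>(p);
        return false;
    } catch (const std::bad_alloc&) {
        return true;  // without this handler the exception would terminate the process
    }
}

// Hardened form: reject inverted or oversized spans before allocating, and use the
// non-throwing new so an out-of-memory condition becomes a null result.
std::unique_ptr<wchar_t[]> allocChecked(std::int64_t startPos, std::int64_t endPos) {
    if (startPos < 0 || endPos < startPos) return nullptr;
    if (endPos - startPos >= kMaxSpanChars) return nullptr;
    const std::size_t n = static_cast<std::size_t>(endPos - startPos) + 1;
    return std::unique_ptr<wchar_t[]>(new (std::nothrow) wchar_t[n]());
}

int main() {
    // Constructed input: a span far larger than any address space can hold.
    const std::int64_t huge = std::numeric_limits<std::int64_t>::max() - 1;
    std::printf("unchecked throws on huge span: %d\n", uncheckedThrows(0, huge));
    std::printf("checked rejects huge span:     %d\n", allocChecked(0, huge) == nullptr);
    std::printf("checked accepts 16-char span:  %d\n", allocChecked(100, 115) != nullptr);
    return 0;
}
```

A caller of the checked form has to treat a null result as "skip this span" rather than dereference it.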
The vulnerability was tested and works on the following versions:
- Notepad++ 8.3.2 32-bit
- Notepad++ 8.3.3 32-bit
- Notepad++ 8.4.0 32-bit
- Notepad++ 8.4.1 32-bit
- Notepad++ 8.4.2 32-bit
- Notepad++ 8.4.3 32-bit
- Windows 11 - 22563.1000 64-bit
- Windows 10 - 10.0.19042.1586 64-bit
- Windows 10 - 10.0.19044.1706 64-bit
- As of 05-01-2023, this issue still persists in Notepad++ versions 8.4.8 (32-bit) and before.
- As of 01-02-2023, this issue still persists in Notepad++ versions 8.4.9 (32-bit) and before.