CVE-2023-0909 - OpenCVE

A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Notepad-- Project	Notepad--

Configuration 1 [-]

cpe:2.3:a:notepad--_project:notepad--:1.22:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://gitee.com/cxasm/notepad--/issues/I6C80Z
https://vuldb.com/?ctiid.221475
https://vuldb.com/?id.221475

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-02-18T08:34:15.314Z

Updated: 2024-08-02T05:24:34.699Z

Reserved: 2023-02-18T08:33:37.775Z

Link: CVE-2023-0909

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-18T09:15:10.727

Modified: 2024-05-17T02:17:38.513

Link: CVE-2023-0909

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0909", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-02-18T08:33:37.775Z", "datePublished": "2023-02-18T08:34:15.314Z", "dateUpdated": "2024-08-02T05:24:34.699Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T21:22:30.488Z"}, "title": "cxasm notepad-- Directory Comparison denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "CWE-404 Denial of Service"}]}], "affected": [{"vendor": "cxasm", "product": "notepad--", "versions": [{"version": "1.22", "status": "affected"}], "modules": ["Directory Comparison Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in cxasm notepad-- 1.22 gefunden. Es betrifft eine unbekannte Funktion der Komponente Directory Comparison Handler. Dank Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "timeline": [{"time": "2023-02-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-02-18T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-02-18T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-03-23T08:39:38.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "VulDB Gitee Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.221475", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.221475", "tags": ["signature", "permissions-required"]}, {"url": "https://gitee.com/cxasm/notepad--/issues/I6C80Z", "tags": ["issue-tracking"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.699Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.221475", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.221475", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://gitee.com/cxasm/notepad--/issues/I6C80Z", "tags": ["issue-tracking", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:notepad--_project:notepad--:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "4D4C43B1-8CAA-44CB-98F5-769441546D97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475."}], "id": "CVE-2023-0909", "lastModified": "2024-05-17T02:17:38.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-02-18T09:15:10.727", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitee.com/cxasm/notepad--/issues/I6C80Z"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.221475"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.221475"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Secondary"}]}