CVE-2021-47944

Summary

memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash on iOS devices.

Affected Software

VendorProductVersion RangeStatus
memonoNotepad4.2affected

Weaknesses

  • CWE-789: Memory Allocation with Excessive Size Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References