CVE-2021-47944
Memono Notepad iOS DoS via Long Character Buffer
Publication date: 2026-05-10
Last updated on: 2026-05-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| memono | notepad | 4.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47944 is a denial of service vulnerability in memono Notepad version 4.2 on iOS devices. The flaw occurs because the application does not properly handle excessively long character buffers pasted into note fields.
An attacker can create a payload consisting of 350,000 repeated characters and paste it twice into a new note, which triggers a buffer overflow and causes the application to crash.
This vulnerability is categorized under CWE-789, which involves memory allocation with an excessive size value.
How can this vulnerability impact me? :
This vulnerability can cause the memono Notepad application to crash unexpectedly when an attacker pastes a specially crafted large payload into a note.
The impact is a denial of service (DoS), meaning legitimate users may lose access to the application temporarily or experience interruptions in their workflow.
Since the vulnerability requires no privileges or user interaction beyond pasting the payload, it can be exploited remotely and easily, increasing the risk of disruption.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the denial of service condition on the memono Notepad 4.2 application running on iOS devices.
Specifically, you can generate a payload containing 350,000 repeated characters using a script (such as the Python script referenced in the exploit) and then paste this payload twice into a new note within the application. If the application crashes, the vulnerability is present.
There are no specific network commands to detect this vulnerability since it is triggered by user input within the application.
Suggested command example to generate the payload (based on Resource 2):
- Run a Python script (payload.py) that creates a file with 350,000 repeated characters.
- Copy the content of the generated file twice into a new note in memono Notepad 4.2 on an iOS device.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding pasting excessively long character buffers (such as 350,000 repeated characters) into note fields in memono Notepad 4.2 on iOS devices.
Since the vulnerability is triggered by user input, restricting or sanitizing input length in the application can help prevent the denial of service condition.
Additionally, monitor for updates or patches from the vendor that address this buffer overflow vulnerability and apply them as soon as they become available.